LONDON: Most major companies in the UK are unprepared for new legal stipulations governing the collection of online user data, a study has revealed.

KPMG, the business services firm, assessed 55 corporations and private sector bodies, and found that  95% were not yet in compliance with forthcoming European Union legislation on internet cookies.

As of 26 May, 2012, website owners must receive formal permission from visitors before installing these cookies, which gather information on user browsing habits.

"Organisations now need to focus their efforts on establishing an inventory of their web sites and the cookies currently in use, before evaluating their purpose and establish a pragmatic plan to ensure compliance," said Stephen Bonner, a KPMG partner.

The average website utilises between five and ten cookies, which are especially popular as a means of gleaning insights for targeted advertising or conducting analytics of digital behaviour.

In addition to one site already requesting that consumers opt in, only two further platforms stated they were implementing the necessary changes in their terms and conditions.

Robert Bond, a partner at Speechly Bircham, the law firm, told the Financial Times that big brand owners were among the entities leaving it "to the last minute" to meet the new rules.

"They are either blissfully unaware or waiting to see who will be the first mover," he added. "If they started working tomorrow, many of them would not be compliant in time."

Organisations failing to reach the EU standard could face a fine of £500,000. However, some companies, like ecommerce sites, fear the new rules may limit their access to vital user data.

"If you follow the letter of the law you will go bust very quickly," Michael Ross, CEO of ECommera, the online retail services provider, told the Financial Times. "It is like asking a retailer to operate with a blindfold on."

DataGuidance, which provides resources helping companies fulfil their duties in this area, discovered that just 7% of financial services firms were prepared for the change in procedures.

Lindsey Greig, managing editor of DataGuidance, suggested that while the UK authorities were often flexible on certain legal matters, regulators in Europe "might not take the same approach."

Data sourced from KPMG/Financial Times; additional content by Warc staff