Foregenix Blog

Richard Jones

Successfully implementing GDPR: Compliance and Awareness

GDPR, Cybersecurity

17/11/17 09:39

The General Data Protection Requirement (GDPR) is essentially about privacy. It relies on cyber security controls to ensure that legitimately used Personally Identifiable Information (PII) is adequately protected against the numerous threats that could serve to defraud or harm us as individual citizens.

GDPR covers 173 recitals and 98 articles. I want to bring your attention to one very important passage: at the start of Section 2 is Article 32, ‘Security of processing.’ It makes a short but important point. It states that organisations should have adequate controls in place to protect any PII that’s required.

This is Cyber Security Awareness Month. GDPR is about being compliant, but it’s also about your company being aware of GDPR and the implications of failing to comply.

The new regulations aren’t inherently complex or massively different to the aims of the Data Protection Act that came into effect in 1998. In the last 20 years the world has moved on, with the proliferation of data and the purposes for which it is used. It means we’ve got to update our approach to reflect the way PII is used and, unfortunately, abused.

Your organisation needs to know how the PII it hosts is used: how it comes into your business’ systems, how it is moved around and where it resides. By undertaking a data audit, you will highlight where you are most likely to be at risk. It’s almost certainly in the areas where you least expect data to reside. Without an awareness of the scope of the challenge, budgeting for and ultimately complying with GDPR is likely to be a futile exercise.

There is a need to be aware of any attempts to breach your cyber security defences. Speaking as a forensics investigator, it is a failure to detect suspected breaches that generally leads to the pain associated with a data compromise. Picking up on threats as soon as they become apparent will generally neutralise the situation, putting you in a defensible position when proving you are compliant with GDPR.

Finally, you need to be aware of whom to call in the event of a suspected compromise. The sooner you engage your incident response partner, the sooner you will get on top of the situation and be in a position to stave off the fallout from a data compromise.    

Foregenix has considerable experience in the field of data compliance and incident response. We work with a range of solutions and services partners to provide the breadth of knowledge required to help your organisation achieve and maintain GDPR compliance.

GDPR will become EU Law on 25 May 2018 and it will apply to all UK businesses regardless of the country’s status within the Union.

