Foregenix Blog

Richard Jones

Successfully implementing GDPR: Compliance and Awareness

GDPR, Cybersecurity

17/11/17 09:39

The General Data Protection Regulation (GDPR) is essentially about privacy. It relies on cyber security controls to ensure that legitimately used Personally Identifiable Information (PII) is adequately protected against the numerous threats that could serve to defraud or harm us as individual citizens.

GDPR covers 173 recitals and 98 articles. I want to draw your attention to one very important passage at the start of Section 2: Article 32, ‘Security of processing.’ It makes a short but important point. It states that organisations should have adequate controls in place to protect any PII they need to process.

This is Cyber Security Awareness Month. GDPR is about being compliant, but it is also about making your company aware of GDPR and of the implications of failing to comply.

The new regulations aren’t inherently complex or massively different in their aims from the Data Protection Act that came into effect in 1998. In the last 20 years the world has moved on, with the proliferation of data and of the purposes for which it is used. It means we’ve got to update our approach to reflect the way PII is used and, unfortunately, abused.

Your organisation needs to know how the PII it hosts is used: how it comes into your business’ systems, how it is moved around and where it resides. By undertaking a data audit, you will highlight where you are most likely to be at risk. It’s almost certainly in the areas where you would least expect data to reside. Without an awareness of the scope of the challenge, budgeting for and ultimately complying with GDPR is likely to be a futile exercise.

There is a need to be aware of any attempts to breach your cyber security defences. In my experience as a forensics investigator, it is the failure to detect suspected breaches that generally leads to the pain associated with a data compromise. Picking up on threats as soon as they become apparent will generally neutralise the situation, putting you in a defensible position when proving you are compliant with GDPR.

Finally, you need to be aware of whom to call in the event of a suspected compromise. The sooner you engage your incident response partner, the sooner you will get on top of the situation and be in a position to stave off the fallout from a data compromise.

Foregenix has considerable experience in the field of data compliance and incident response. We work with a range of solutions and services partners to provide the breadth of knowledge required to help your organisation achieve and maintain GDPR compliance.

GDPR will become EU law on 25 May 2018, and it will apply to all UK businesses regardless of the country’s status within the Union.
