
Foregenix Blog

Richard Jones

Successfully implementing GDPR: Compliance and Awareness

GDPR, Cybersecurity

17/11/17 09:39

The General Data Protection Requirement (GDPR) is essentially about privacy. It relies on cyber security controls to ensure that legitimately used Personally Identifiable Information (PII) is adequately protected against the numerous threats that could serve to defraud or harm us as individual citizens.

GDPR covers 173 recitals and 98 articles. I want to bring your attention to one very important passage: at the start of Section 2 is Article 32, ‘Security of processing.’ It makes a short but important point. It states that organisations should have adequate controls in place to protect any PII that’s required.

This is Cyber Security Awareness Month. GDPR is about being compliant, but it’s also about awareness for your company about GDPR and the implications of failing to comply.

The new regulations aren’t inherently complex or massively different to the aims of the Data Protection Act that came into effect in 1998. In the last 20 years the world has moved on, with the proliferation of data and the purposes for which it is used. It means we’ve got to update our approach to reflect the way PII is used and, unfortunately, abused.

Your organisation needs to know how the PII it hosts is used: how it comes into your business’s systems, how it is moved around and where it resides. By undertaking a data audit, you will highlight where you are most likely to be at risk. It’s almost certainly in the areas where you least expect data to reside. Without an awareness of the scope of the challenge, budgeting for and ultimately complying with GDPR is likely to be a futile exercise.

There is a need to be aware of any attempts to breach your cyber security defences. Speaking as a forensics investigator, it is a failure to detect suspected breaches that generally leads to the pain associated with a data compromise. Picking up on threats as soon as they become apparent will generally neutralise the situation, putting you in a defensible position when proving you are compliant with GDPR.

Finally, you need to be aware of whom to call in the event of a suspected compromise. The sooner you engage your incident response partner, the sooner you will get on top of the situation and be in a position to stave off the fallout from a data compromise.    

Foregenix has considerable experience in the field of data compliance and incident response. We work with a range of solutions and services partners to provide the breadth of knowledge required to help your organisation achieve and maintain GDPR compliance.

GDPR will become EU law on 25 May 2018 and it will apply to all UK businesses regardless of the country’s status within the Union.

 
