Foregenix Blog

Richard Jones

Successfully implementing GDPR: Compliance and Awareness

GDPR, Cybersecurity

17/11/17 09:39

The General Data Protection Regulation (GDPR) is essentially about privacy. It relies on cyber security controls to ensure that legitimately used Personally Identifiable Information (PII) is adequately protected against the numerous threats that could serve to defraud or harm us as individual citizens.

GDPR covers 173 recitals and 98 articles. I want to bring your attention to one very important passage at the start of Section 2: Article 32, ‘Security of processing’. It makes a short but important point. It states that organisations should have adequate controls in place to protect any PII that their processing requires.

This is Cyber Security Awareness Month. GDPR is about being compliant, but it’s also about awareness for your company about GDPR and the implications of failing to comply.

The new regulations aren’t inherently complex or massively different from the aims of the Data Protection Act that came into effect in 1998. In the last 20 years the world has moved on, with the proliferation of data and the purposes to which it is put. It means we’ve got to update our approach to reflect the way PII is used and, unfortunately, abused.

Your organisation needs to know how the PII it hosts is used: how it comes into your business’ systems, how it is moved around and where it resides. By undertaking a data audit, you will highlight where you are most likely to be at risk. It’s almost certainly in the areas where you least expect data to reside. Without an awareness of the scope of the challenge, budgeting for and ultimately complying with GDPR is likely to be a futile exercise.

There is a need to be aware of any attempts to breach your cyber security defences. As a forensics investigator, I see that it is a failure to detect suspected breaches that generally leads to the pain associated with a data compromise. Picking up on threats as soon as they become apparent will generally neutralise the situation, putting you in a defensible position when proving you are compliant with GDPR.

Finally, you need to be aware of whom to call in the event of a suspected compromise. The sooner you engage your incident response partner, the sooner you will get on top of the situation and be in a position to stave off the fallout from a data compromise.

Foregenix has considerable experience in the field of data compliance and incident response. We work with a range of solutions and services partners to provide the breadth of knowledge required to help your organisation achieve and maintain GDPR compliance.

GDPR will become EU law on 25 May 2018 and it will apply to all UK businesses regardless of the country’s status within the Union.


Read More:

- What is Personally Identifiable Information?
- Cyber Insurance: Why GDPR could make for more competitive premiums.
