The General Data Protection Regulation (GDPR) is the EU regulation that concerns data protection and privacy for all individuals within the European Union. GDPR aims to give individuals control over their data and simplify the regulatory environment by unifying the regulation within the EU. It came into effect on the 25th of May 2018 and marked the most significant change in Data Protection Law in the last 20 years.
Article 32 of the General Data Protection Regulation (GDPR) relates to security testing. It states that:
"a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing" must be in place for all businesses that process data.
In today's increasingly connected world, it is almost impossible for any business to exist without processing data.
The United Kingdom's Information Commissioner's Office (the ICO) website makes specific reference to penetration testing. The ICO ruled that:
"Run regular vulnerability scans and penetration tests to scan your systems for known vulnerabilities and make sure you address any vulnerabilities identified."
A properly planned and executed penetration test is essential for all businesses to be deemed compliant with the European GDPR and the UK's ICO rulings.
GDPR Compliance Testing at Hedgehog is part of our Continual Penetration Testing Service. With this service, you have full access to the Secure platform and other security tools.
Failure to comply with the GDPR can ultimately lead to a fine of €20 Million or 4% of your annual gross revenue. The GDPR is enforced in the UK by the Information Commissioner's Office (ICO).
GDPR is a complex set of regulations, and achieving compliance is quite arduous for the organisation undergoing it. As well as the policies and procedures, you must ensure that you have done everything in your power to prevent data breaches.
Regular penetration testing of both your Infrastructure and Web Applications is an ideal place to start to prevent breaches and any further investigation by the Information Commissioner's Office.
Understand that an adequately planned Penetration Test is essential as a part of your GDPR compliance.
Comply with Article 32 of the GDPR regarding the process for testing, assessing and evaluating technical and organisational measures;
Identify Security Vulnerabilities within your organisation, allowing you to remediate any issues that arise proactively;
Improve your security posture, allowing you to reduce the threat of a cyber-attack occurring against your business;
Be able to prove to your supply chain that you are taking the necessary precautions to ensure your strong security posture; and
Be able to focus efforts on exploitable security issues by prioritising the high-risk items identified in the Web Application report.