Introduction

Data Protection has become a major consciousness across the Globe. We the latest controversy between Cambridge Analytica and Facebook, it became an eye opener for Citizens, Enterprises and all different stake holders in the community. With the present context “General Data Protection Regulation (GDPR)” from European Union stands more relevant as the cut off for compliance is 25^th May 2018 across the Europe.

As more and more cyber-attacks are reporting every day, there is an essential need for a stringent data protection law implemented across profit and non-organizations who store, process, handle and manage people’s data.

GDPR is a regulation not a directive which allows each member country to create laws to achieve the result set by the direction. Therefore, as a regulation GDPR is a unified approach that enforces all the member countries to follow each and every guideline stated by GDPR to be GDPR compliant.

How to be GDPR Compliant?

There are certain guidelines and key pointers to protect Business and make Customer compliant to GDPR. Here are few key pointers:
1 Documentation of Data Usage:

Customer should have well-documentation of certain aspects that is:

• Which information of personal data is being collected and is processed for what reason.
• Until when this data will be stored.
• Who will be accessing the data.

In simple words, organizations must maintain an end -to-end documentation of data processing activities, along with the life-cycle of data which will contain the name and contact details of the data controller.

2 Reporting of Personal Data Breaching:

As personal data usage description is given importance, reporting of personal data breaches becomes mandatory. Under Article 33 of the GDPR, in case of a personal data breach organizations to the DPA within 72 hours from the time the incident occurred; also detailed information about breach along with measures taken should be provided. Depending upon the severity of the breach, organizations should inform individuals whose personal data has been affected due to the breach “without delay.”

3 Deployment of Data Protection Officer:

It does not matter that whether Customer have a small company or a larger one, Customer will be required to have a data protection officer to monitor organizational compliance with the regulation. He will be required to report directly to the highest management of the organization, and must be accountable for overall data privacy programme.

4 Data Protection Impact Assessment: 

Data protection impact assessments will be required for technology or processes that are likely to be of high risk to the individuals, for example data profiling. This assessment will also reveal to the supervisory authorities that whether the data is processed in accordance to the law or not.

How VAPT can help on Data Protection on GDPR Compliance

The GDPR recommends that Customer applications and critical infrastructure must be assessed for not only identifying the existing security vulnerabilities but also for making sure that how secure the entire infrastructure is in terms of attack prevalence. Along with this assessment, GDPR recommends for the regular testing of the security controls. To meet these recommendations, services such as penetration testing and regular vulnerability assessments would help. Moreover, as per GDPR norms, the breach report has to be submitted within 72 hours of attack and to make this possible, vulnerability assessment and penetration testing must be performed.

How Prime can add values on VAPT

A Vulnerability Assessment is a process through which the existing vulnerabilities in the application and infrastructure are identified.

At Prime, our experts will examine and perform a vulnerability scan for Customer application, infrastructure and also firewalls within organization to identify the threats which can be exploited by hackers.

Our vulnerability report will list out all the existing vulnerabilities in Customer landscape with the identified vulnerabilities classified into critical, high, medium and low based on the risk assessment. This report will act as a ‘baseline’ for organizations to move forward on their cyber-security.

Alongside a clear explanation of the risks, our Vulnerability Report will also include all the deviations that exists and suggest best practices with a comprehensive remedial advice and a set of recommendations for action.

In effect organization can work on the security posture to have futuristic cyber-safe heterogeneous environment.

Penetration Testing for Security Hardening

At Prime, we have dedicated team of world class Security Professionals to attempt for penetration of  Customer applications by safely exploiting any vulnerabilities found. Our Penetration Testers will utilize the same techniques and tools that a real hacker would use, but of course without the malicious intent.

Our expert will perform pen tests either with partial internal access (these pen tests are called grey box tests) or from an external location to replicate real world attacks like a real hack (these pen tests are called black box tests). Our report will provide a very clear picture of the status of Customer infrastructure and will offer the opportunity to build the strongest of defenses for your enterprise.

With our deep understanding of latest security methodologies and years of experience in providing penetrating testing services, we have built an incomparable penetration testing capability.

Conclusion:

GDPR is a major step by European Union to address the security concerns of the citizens by drawing in the essential norms of security of the infrastructure and application. To maintain security and to avoid any kind of breaches in application and infrastructure, Vulnerability Assessment and Penetration Testing are often blended together as per the clients request or it is offered as individual components. These two activities will contribute in helping organization against cyber-threats and to be GDPR compliant.

In case of any further query or assistance on this front, you may write to us at info@primeinfoserv.com