The 25th May is getting closer.
Are you ready for the GDPR deadline?
Our GDPR Unlocked event on 2nd and 3rd May (London and Manchester) is open to all businesses across the UK. Throughout both mornings, industry experts will be there to guide you through the steps to GDPR compliance, offering one-to-one guidance, a LIVE data breach scenario workshop and a ‘next steps’ checklist to ensure your business is where it should be in the compliance process.
Paul Mason, Head of Training and Education at UKFast’s ethical hacking arm Secarma, is one of our guest speakers who will be guiding you through all things GDPR and cybersecurity.
How will GDPR affect you?
If you’re a business that gathers, processes and stores any EU citizen’s personal data then you will need to comply with the GDPR. Many businesses will be flying into a frenzy over how they will go about making the changes and what changes they need to make.
Organisations may be obsessing over complying with the legal components of the GDPR but what about the cybersecurity perspectives that GDPR brings? That’s why GDPR Unlocked will demonstrate a LIVE data breach scenario to show how easily the GDPR can be breached and what your business should do in practice.
Equifax was recently in the press as it lost data pertaining to tens of millions of individual credit records due to unpatched systems. TalkTalk suffered a similar loss of information due to a web application flaw which robust testing would have uncovered. The list of examples of these simple errors goes on.
From our perspective, GDPR changes this. Article 32 of GDPR states that organisations should take “appropriate technical measures” to protect data. This can be seen as a worrying term. What measures are “appropriate” for one organisation may not be “appropriate”, or even achievable, for another.
Let’s take a closer look
Article 32 requires organisations to focus on:
(a) The pseudonymisation and encryption of personal data;
(b) The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
If data is suitably encrypted, in the event of a breach, it will be useless to the attacker. Systems should be designed with confidentiality, integrity and availability in mind.
If we look at these requirements from the perspective of a DDoS attack, we can see that this would affect the availability of data by denying access to legitimate users. If a database is lost through a malicious compromise, confidentiality is lost. If a database can be altered through a poorly coded web application, its integrity is at risk.
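As an added illustration of Article 32(a) (not code from the original post or from Secarma), the following Python shows one way to pseudonymise the direct identifiers in customer records with a keyed HMAC, so that a breached copy of the dataset carries no usable personal data while the key holder can still re-identify records. The records, field names and key handling are constructed for the example; in practice the key would live in a separate key store, not beside the data.

```python
import hmac
import hashlib
import secrets

# Constructed sample records; not real people's data.
RECORDS = [
    {"customer_id": "C-1001", "email": "alice@example.com", "order_total": 42.50},
    {"customer_id": "C-1002", "email": "bob@example.com", "order_total": 17.00},
    {"customer_id": "C-1001", "email": "alice@example.com", "order_total": 9.99},
]

# Fields that directly identify a person and must not appear in plaintext.
IDENTIFIERS = ("customer_id", "email")


def pseudonymise(value: str, key: bytes) -> str:
    """Keyed pseudonym for one identifier.

    HMAC rather than a bare hash: a plain SHA-256 of an e-mail address can be
    reversed by guessing likely addresses, whereas without the key an attacker
    holding the dataset has no way to recover or verify the original value.
    The same value under the same key always maps to the same token, so
    records for one customer stay joinable for analytics.
    """
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymise_record(record: dict, key: bytes) -> dict:
    """Return a copy of the record with direct identifiers replaced by tokens."""
    out = dict(record)
    for field in IDENTIFIERS:
        out[field] = pseudonymise(out[field], key)
    return out


def build_lookup(records: list, key: bytes, field: str = "email") -> dict:
    """Re-identification table (token -> original). Stored apart from the data,
    together with the key, so that the pseudonymised dataset on its own is useless."""
    return {pseudonymise(r[field], key): r[field] for r in records}


def contains_plaintext_identifiers(records: list) -> bool:
    """Simple check a release pipeline could run before a dataset leaves the
    controlled environment: does any identifier field still look like the original?"""
    return any("@" in str(r["email"]) or str(r["customer_id"]).startswith("C-")
               for r in records)


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # demo only; real keys come from a key store
    dataset = [pseudonymise_record(r, key) for r in RECORDS]
    print("plaintext identifiers left:", contains_plaintext_identifiers(dataset))
    print("alice re-identified as:", build_lookup(RECORDS, key)[dataset[0]["email"]])
```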
How can data stay secure?
So how do we ensure that our data remains secure? How do we show that “appropriate measures” have been put in place?
Frequent testing not only uncovers existing problems, but ensures that data and systems are secured against evolving techniques and vulnerabilities.
The security landscape is constantly changing, and GDPR can be seen as an opportunity rather than a threat. Secarma’s focus is on robust cybersecurity, assured by regular testing, which is vital to the success of any organisation and the safety of user data in an increasingly online world.
Register your place at GDPR Unlocked London
or GDPR Unlocked Manchester