GDPR Penetration Testing
Comply with the GDPR requirements for assessing privacy-sensitive applications and critical infrastructure by performing a consultant-led Penetration Test with Pentest People.
Ensure Article 32 of GDPR is complied with by Penetration Testing your infrastructure.
Constantly updating Vulnerability Information to stay in touch with the emerging threat landscape.
Rest assured that your assessments are performed by qualified Security Consultants.
The General Data Protection Regulation (GDPR) is an EU regulation that concerns data protection and privacy for all individuals within the European Union. GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment by unifying the regulation within the EU.
GDPR came into effect on the 25th May 2018 and marks the biggest change in Data Protection Law in the last 20 years.
Failure to comply with the GDPR can ultimately lead to a fine of €20 Million or 4% of your annual gross revenue. The GDPR is enforced in the UK by the Information Commissioner's Office (ICO).
GDPR is a complex set of regulations that is quite onerous for the organisation undergoing compliance. As well as having the policies and procedures in place, it is imperative that you ensure that any breaches are prevented. Here at Pentest People we feel that regular Penetration Testing of both your Infrastructure and Web Applications is an ideal place to start to prevent any breaches and further investigation from the Information Commissioner's Office.
Article 32 of the GDPR relates to security testing and clearly states that “a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing” must be in place.
Furthermore, the ICO website makes specific reference to penetration testing: “Run regular vulnerability scans and penetration tests to scan your systems for known vulnerabilities – make sure you address any vulnerabilities identified.”
As it is clear that a common entry point into any corporate network when under attack is through the exploitation of vulnerabilities, Pentest People feel that a properly planned Penetration Test is essential as a part of your GDPR compliance.
Pentest People are part of the Storm Technology Group.
Data Protection People are one of the group companies that specialises in Data Protection Consultancy and provides an outsourced Data Protection Officer (DPO) Managed Service. They can assist in all aspects of GDPR compliance.
An Infrastructure Penetration Test is a full consultant-led assessment of the security of your external and internal infrastructure. Pentest People use industry-leading methodologies and tools to identify the latest software and configuration vulnerabilities for all devices on your network.
An Internal Penetration Test is where a consultant would be placed within your corporate environment and connected to your internal network looking for security issues from the inside.
An External Penetration Test is where a consultant looks for security issues from the outside of your network, generally over the public Internet.
A Vulnerability Scan is performed by a software tool that scans the network and checks available services for known vulnerabilities. A Penetration Test takes this one step further and uses a consultant to check for vulnerabilities that an automated scanner cannot find as well as to manually confirm any identified vulnerabilities.
The deliverable from this service is a full Penetration Test Report that is uploaded to our SecurePortal and available for you to interact with.
This differs from the competition in the way it is delivered, and we believe this is a much clearer way to work with and manage the results of the assessment.