GDPR Penetration Testing
The General Data Protection Regulation (GDPR) is an EU regulation that concerns data protection and privacy for all individuals within the European Union. GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment by unifying the regulation within the EU.
GDPR came into effect on 25 May 2018 and marks the biggest change in Data Protection Law in the last 20 years.
Article 32(1) of the GDPR requires organisations to implement “a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing”. This can be achieved by implementing a thorough Penetration Testing programme that ensures regular checks of your infrastructure and web applications are performed.
What Are The Risks?
Failure to comply with the GDPR can ultimately lead to a fine of €20 Million or 4% of your annual gross revenue. The GDPR is enforced in the UK by the Information Commissioner's Office (ICO).
GDPR is a complex set of regulations that is quite onerous for any organisation undergoing compliance. As well as the policies and procedures, it is imperative that you ensure that breaches are prevented. Here at Pentest People we feel that regular Penetration Testing of both your Infrastructure and Web Applications is an ideal place to start in preventing breaches and any further investigation from the Information Commissioner's Office.
How Can We Help?
Article 32 of the GDPR relates to security testing and clearly states that “a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing” must be in place.
Furthermore, the ICO website makes specific reference to penetration testing: “Run regular vulnerability scans and penetration tests to scan your systems for known vulnerabilities – make sure you address any vulnerabilities identified.”
As a common entry point into any corporate network under attack is the exploitation of vulnerabilities, Pentest People feel that a properly planned Penetration Test is an essential part of your GDPR compliance.
GDPR Penetration Testing allows you to:
- Comply with Article 32 of the GDPR regarding the process for testing, assessing and evaluating technical and organisational measures
- Identify Security Vulnerabilities within your organisation allowing you to proactively remediate any issues that arise
- Improve your security posture, allowing you to reduce the threat of a cyber attack occurring against your business
- Be able to prove to your supply chain that you are taking the necessary precautions to ensure your strong security posture
- Be able to focus efforts on the most important security issues by prioritising the high-risk items identified in the Web Application report
An Infrastructure Penetration Test is a full consultant-led assessment of the security of your external and internal infrastructure. Pentest People use industry-leading methodologies and tools to identify the latest software and configuration vulnerabilities for all devices on your network.
An Internal Penetration Test is where a consultant is placed within your corporate environment and connected to your internal network, looking for security issues from the inside.
An External Penetration Test is where a consultant looks for security issues from outside your network, generally over the public Internet.
A Vulnerability Scan is performed by a software tool that scans the network and checks available services for known vulnerabilities. A Penetration Test takes this one step further: a consultant checks for vulnerabilities that an automated scanner cannot find and manually confirms any identified vulnerabilities.
The deliverable from this service is a full Penetration Test Report that is uploaded to our SecurePortal and available for you to interact with.
This differs from the competition in the way the results are delivered, and we believe it is a much clearer way to work with and manage the results of the assessment.