General Data Protection Regulation
The European Union (EU) passed the General Data Protection Regulation (GDPR) to help ensure the privacy rights of EU citizens by addressing the export of personal data outside the EU and creating a more stable and predictable regulatory environment.
The regulation, which went into effect in May 2018, applies to all companies that process the personally identifiable information (PII) of EU residents, regardless of the company’s location or where data processing takes place.
Under the GDPR, data controllers will be expected to report all possible data breaches to the relevant EU authorities within 72 hours of detection. Users affected by data breaches must also be notified by the company with few exceptions.
Contextual Security now provides our clients with expert-level security and compliance-driven services to help you become GDPR compliant. We can perform penetration testing, web application testing, application assessments, physical/environmental assessments, forensics, and compliance assessments and validation.
The GDPR requires changes to the way organizations manage, store, transfer, and delete customer data, and penalties for noncompliance will be substantial.
Companies must now be able to prove that a specific user not only gave their initial express consent to have their data stored, but also that the user’s consent records are accurate and up to date.
Fortunately, Contextual Security is here to help you improve your privacy and cyber security profile, so you can effectively implement GDPR. We carry many certifications including CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CEH (Certified Ethical Hacker), QSA (Qualified Security Assessor), GPEN (GIAC Certified Penetration Tester), and GWAPT (GIAC Web Application Penetration Tester).
Contextual Security is your trusted security and compliance partner.
If you meet any of the following criteria, you must comply with the GDPR:
- Have EU customers or employees, regardless of the organization’s physical location
- Sell services to organizations that are exposed to GDPR (e.g., cloud service providers)
- Plan to expand into Europe in the near future
Benefits of Compliance
By complying with GDPR, you can help protect your organization from fines that can amount to up to 20 million euros or 4 percent of your global revenue from the previous year, whichever is higher.
But, the benefits are not limited to avoiding risk. Having a solid, readily verifiable GDPR compliance program also can serve as a competitive differentiator, especially for companies that provide cloud or managed services to customers who are required to comply with GDPR. Additionally, GDPR compliance can help you demonstrate to customers that you are committed to protecting their right to privacy and their sensitive, personal data.
Contextual Security can help you achieve GDPR compliance using the following methods:
- Gap analysis: Our team will conduct a compliance analysis of current information systems against GDPR. Findings include current compliance posture, identification and verification of organization security boundaries, the status of system policies and procedures, and a roadmap for GDPR compliance.
- Advisory: We tailor our approach to help you put our recommendations into action and adapt to GDPR changes in preparation for, and then following, enforcement of the regulation.
- Assessment: Our team will identify your organization’s readiness and provide strategic and tactical recommendations for next steps.
- Compliance automation dashboard: For companies leveraging a security and monitoring analytics tool (e.g., Splunk), Contextual Security’s SaaS-based compliance tool, illumino, can automate controls for GDPR and provide a single-pane view of your compliance status in real time.
Please contact one of our Enterprise Consultants for a free sample report.