Penetration testing and the EU GDPR

Data breaches are on the rise and are affecting Irish organisations; recent examples include Eir and Cork City Council’s Park by Phone service.

Criminal hackers are gaining access to organisations’ networks using a variety of techniques, so ensuring your network is secure should be high on your agenda. Penetration testing is an effective method of determining the security of your networks and web applications, helping your organisation identify the best way of protecting its assets. 

Article 32 of the GDPR (General Data Protection Regulation) requires organisations to implement technical measures to ensure data security. It highlights the need for “a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing”. 

Defects in web servers, web browsers, email clients, point-of-sale (POS) software, operating systems and server interfaces can allow attackers to gain access to an environment. However, to patch these vulnerabilities, you need to identify them first. 

Penetration tests are crucial because they provide a final check, once a system is in place, that all the required security controls have been implemented correctly. They can also be used in the early stages of developing new processing systems to identify risks to personal data.

Download our penetration testing green paper to discover: 

  • The GDPR’s requirements for security testing; 
  • Testing to fit security and budgetary requirements; 
  • Guidance for penetration testing; and 
  • An example of a GDPR testing regime. 

Download our free green paper ‘Penetration testing and the GDPR’ for practical guidance on how to conduct a penetration test that supports GDPR compliance. 
