The GDPR brings new obligations for organizations, such as:
- The compulsory execution of a Privacy Impact Assessment (PIA) when processing personal data that entails great privacy risks.
- Documentation obligation for individual processing, an amendment to the notification obligation under the current Data Protection Act.
Web Security Scan performs independent security research and penetration tests to find security risks in privacy-sensitive ICT systems, so that organizations can comply with the requirements of the European General Data Protection Regulation and find out whether privacy-sensitive data in these systems is actually safe.
Be prepared for the upcoming European privacy regulation. Are you interested in what Web Security Scan can do for your organization? Request a quote below or contact us for more information.
8 areas of risk regarding privacy principles
NOREA, the professional organization of IT auditors, acknowledges the following risk areas stated in the Privacy Impact Assessment guidelines. Most of these risk areas are examined during a GDPR penetration test.
How does penetration testing contribute to GDPR compliance?
- Penetration tests give you a complete analysis, not solely of the web application, but also of other defects.
- A penetration test can mimic real-life attack scenarios, providing insight into how well your security is prepared for them and which elements require improvement to keep privacy-sensitive data safe and secure.
- External and independent testing often analyses matters from a different perspective and can lead to new insights for improving security.
- You can prove that you have at least taken certain measures, in order to prevent penalties in the unexpected case of a data leak.