Pentest for General Data Protection Regulation (GDPR)

Since May 25th 2018, the European privacy legislation, the General Data Protection Regulation (GDPR), has been in force. From that moment on, all organizations that process personal data are obliged to comply with the new privacy regulation. Achieving and maintaining compliance puts a lot of pressure on organizations. Web Security Scan can partially relieve this pressure with a penetration test at network, server and application level.

The GDPR recommends assessing privacy-sensitive applications and critical infrastructure for security risks and regularly testing the effectiveness of security controls.

Our GDPR penetration tests and vulnerability scans help organizations comply with this recommendation. In addition, reporting data breaches is legally required (no later than 72 hours), so you cannot afford not to have had a penetration test performed.


Obligations for organizations since the introduction of the GDPR

  • The mandatory execution of a Privacy Impact Assessment (PIA) when processing personal data that entails high privacy risks.
  • The obligation for organizations to establish a privacy policy.
  • A documentation obligation for each individual processing activity, which amends the notification obligation under the current Data Protection Act.

Web Security Scan performs independent security research and penetration tests to find security risks in privacy-sensitive ICT systems, so that organizations can comply with the requirements of the European General Data Protection Regulation and find out whether the privacy-sensitive data in these systems is actually safe.

Make sure you comply with the European privacy regulation. Are you interested in what Web Security Scan can do for your organization? Request a quote below or contact us for more information.

Eight risk areas relating to privacy principles

NOREA, the professional organization of IT auditors, recognizes the following risk areas, as set out in the Privacy Impact Assessment guidelines. Most of these risk areas are examined during a GDPR penetration test.

  1. Data minimization.
  2. Data quality.
  3. Purpose limitation and compatibility of further processing.
  4. Limits on the use of data.
  5. Data security.
  6. Transparency.
  7. Rights of those involved.
  8. Responsibility and accountability.

How does penetration testing contribute to GDPR compliance?

  • Penetration tests give you a complete analysis, not only of the web application but also of other weaknesses.
  • They mimic real-life attack scenarios, providing insight into how well your security holds up against them and which elements need improvement to keep privacy-sensitive data safe and secure.
  • External and independent testing often looks at matters from a different perspective and can lead to new insights for improving security.
  • You can demonstrate that you have at least taken certain measures, which helps to prevent penalties in the unexpected event of a data leak.