Under the GDPR, organisations need to have appropriate technical and organisational measures in place to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage (Article 5(1)(f), the integrity and confidentiality principle).
Article 32 (security of processing) states that these measures should include, as appropriate:
The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of data processing
The ability to restore the availability of, and access to, personal data in a timely manner in the event of a physical or technical incident
The GDPR also mandates robust procedures to detect, investigate and report personal data breaches. A breach must be reported to the relevant supervisory authority within 72 hours of the organisation becoming aware of it, unless it is unlikely to result in a risk to individuals, and, where it is likely to result in a high risk, communicated to the affected individuals without undue delay (Articles 33 & 34).
In situations where data processing is likely to result in high risk to individuals, such as when a new technology is deployed or where special categories of data are processed on a large scale, the GDPR requires organisations to conduct a Data Protection Impact Assessment (DPIA). A DPIA should include:
A systematic description of the processing operations, including the purposes of the processing
An assessment of the necessity and proportionality of the processing operations
An assessment of the risks to the rights and freedoms of individuals
Measures to address identified risks, including safeguards and mechanisms to ensure the protection of personal data
Tailored solutions for GDPR compliance
By helping you to understand and address gaps in your organisation’s cyber security as well as proactively detect and remediate threats when they occur, Redscan’s cost-effective managed cyber security services support swift, hassle-free GDPR compliance.