How does a Personal Data Breach and attack simulation assist with the GDPR? - Jaz'ing Up GDPR!

How does a Personal Data Breach and attack simulation assist with the GDPR?

Organisations must implement reasonable data protection measures to protect EU citizens’ Personal Data and privacy against loss or exposure, and demonstrate compliance of Processing activities.

Personal Data Breach and attack simulation can assist in the following ways:

  • Continuously validate security controls (Article 25, 32) – Breach and attack simulation can minimise security exposure and continuously validate that the 'state of the art' security controls that have been deployed are actually working. For example, security teams that have implemented security controls that only allow certain types of data to travel between networks or data centres can use simulation to prove their implementation is sound, or to identify configuration errors in security deployments that may lead to a Data Breach. More importantly, this validation uses 'real attack techniques', generating a more accurate reflection of enterprise risks.
  • Prepare for the GDPR Impact Assessments (Article 35) – Breach and attack simulation can prepare security teams for impact assessments. Specifically, it can be used before an actual assessment to assess the 'measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance'.
  • Justify the GDPR investment – Breach and attack simulation can provide real security data to prove whether further GDPR security investment is required for compliance. Security investment is, too often, a 'gut feel'-based measure, as actual security has, until now, been difficult to measure. This means executive teams only start appropriate security investment after a Data Breach has occurred.


The information provided on this website is for educational purposes only and does not constitute legal advice. We recommend that you take the appropriate legal advice where you think it is needed.
