
GDPR

Data protection is a necessity to ensure public trust in organisations, and to allow fair use of information about people. 


Overview

GDPR stands for “General Data Protection Regulation”, which sets out the key principles, rights and obligations for most processing of personal data. It came into effect on 25.05.2018.

It’s a new privacy law that proposes to govern how different parties collect consumers’ data. The parties include government agencies, non-governmental agencies, and companies' online business properties such as websites and website apps, games and payment processing services. This law affects companies in sectors such as manufacturing and retail, and any business that has been known to collect user information when selling its goods and products, although the stress will be on those companies and organisations that sell within the European Union. This law will affect companies and organisations in the UK as well, despite the choice by the United Kingdom to leave the European Union. The ICO (Information Commissioner's Office) regulates data protection in the UK.

If you only want to read about the UK data protection regime, please head to our DPA 2018 section here.

GDPR - Why, Who, What.

Securing your network is cheaper than breach fines as high as 4% of the global turnover

Why is it important to protect data?

Data protection is a necessity to ensure public trust in organisations, and to allow fair use of information about people. 

Who does GDPR apply to?

This law applies if (official wording below):

You have information about people for any business or other non-household purpose. The law applies to any ‘processing of personal data’, and will catch most businesses and organisations, whatever their size.

GDPR is applicable to both 'controllers' and 'processors'. An example to understand this would be a payroll processing company. A controller is the payroll company's client, who determines "the purpose and manner in which data is to be processed". A processor is the payroll handling company. A processor acts on behalf of, and only on the instructions of, the controller.

What is ‘personal data’?

Personal data means information about an individual (anyone, whether a client, vendor, partner, employee or public official). This could be private or public information, or information about someone's professional life. Even if the information is somewhat anonymous, it counts as personal data if relating it to other information allows an individual to be identified.


GDPR Assessments

The following service offerings are in line with GDPR technical readiness and compliance. For a detailed read on each of the areas, please visit the assessment section here.

Staff Awareness & Training

Supporting your staff to help them manage their data securely, including the devices and technologies they use. Read more about our training service here.

Security Monitoring

You need to ensure the systems processing the personal data are monitored for user activity, including anomalous user activity.

Systems Security (Web applications, Servers)

Technical assessments around secure configuration, encryption, software vulnerabilities, common application security vulnerabilities such as OWASP Top 10

Data Protection

Technical controls to prevent unauthorised or unlawful processing of personal data through the unauthorised access or use of user devices/storage media, backups, or interception of data.

Manage The Risk

Technical Risk Assessments include secure configuration reviews, vulnerability scans and penetration testing. A good penetration test should assess GDPR-related aspects such as identity & access controls as part of an Active Directory environment, password policy reviews, patching, and the mechanisms and measures in place for information in transit and in storage.

Protect Data Against Attacks

Adhere to technical controls as laid out in appropriate frameworks such as Cyber Essentials. Defendza are a certifying body who can assess, validate and certify organisations based on the controls in scope for CE (Cyber Essentials) and CE Plus assessments.

Data Protection Impact Assessment

This is basically a quick exercise to help you identify and reduce the data protection risks of your processing activities. 


Testimonials

"My experience to date with Defendza has been very positive, I look for a flexible, knowledgeable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

"Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star.  They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company