www.impactqa.com | services@impactqa.com

2. General Data Protection Regulation: Introduction

What is GDPR?
The General Data Protection Regulation (GDPR) is the primary law regulating how companies protect EU citizens' personal data.

What is GDPR compliance?
Under the terms of GDPR, organisations have to ensure that personal data is gathered legally and under strict conditions.

Who does GDPR apply to?
GDPR applies to any organisation operating within the EU, as well as any organisation outside the EU which offers goods or services to customers or businesses in the EU.

What is personal data under the GDPR?
• Personally identifiable information, including names, addresses, dates of birth, social security numbers
• Web-based data, including user location, IP address, cookies, and RFID tags
• Health (HIPAA) and genetic data
• Biometric data
• Racial and/or ethnic data
• Political opinions
• Sexual orientation

Penalties for Non-Compliance
For companies that fail to comply with certain GDPR requirements, fines may be up to €10m or 2% of total global annual turnover, or up to €20m or 4%, whichever is greater.
3. GDPR Compliance

GDPR Implementation Support
• Map data flows in and out of the organization
• Establish policies, procedures and lines of accountability
• Maintain a system of checks and balances to ensure compliance with GDPR

Data Protection Officer (DPO) Services
• Support for appointing a DPO (onsite or virtual)
• Support for training in-house Privacy Officers in accordance with GDPR
• Enjoy better efficiency, risk management and productivity

Privacy Impact Assessments (PIA)
• PIAs are an integral part of the Privacy by Design principle
• Conduct periodic PIAs on your behalf and generate appropriate reports
• Develop customized PIA frameworks and methodologies that integrate with your existing workflow

Data Protection Audit
• Help in preparing for audits by the Data Protection Commissioner through mock drills
• Regular workshops, seminars and questionnaire-based audits
• Onsite inspection and Gap Analysis
4. Our Approach to Test

Business Understanding
● Understand the customer's GDPR obligations
● Assess existing procedural controls against GDPR requirements
● Business Process Framework to capture the scope of process control
● Determine GDPR implications for supply chain partners

Assess Existing Process
● Assess business processes against GDPR
● Assess applications & technology architecture against GDPR
● Assess 3rd party supply chain compliance
● Identify new controls: process, technical and procedural

Consider Options
● Confirm remediation options to address process compliance gaps
● Confirm technical remediation options to address compliance gaps
● Confirm 3rd party remediation options
● Establish a risk-based assessment of all remediation actions

Plan the Roadmap
● Confirm budget for all remediation actions
● Create an agreed roadmap between the business & IT, supported by business priorities and constraints
● Mobilise the remediation team

Define the Organization
● Define delivery management controls to ensure on-going compliance
● Assess GDPR implications on roles & organisation design
● Introduce appropriate segregation of duties within the business & across 3rd parties
5. Test Data Audit w.r.t. GDPR Guidelines

Use Anonymization
• Utilizes techniques such as encryption, generalization, pseudonymization, and perturbation
• Allows businesses to work without breaching any live data

Documentation
• Document the processing of individuals' data in all test environments
• The TDM process involves profiling, subsetting, masking, provisioning and forming a repository of data in test environments
• Use stringent data controls and centralized data access for authorized access points

Adopting Synthetic Data
• Data masking and synthetic data eliminate the risk of exposing personal information
• Data masking is a process of hiding specific fields such as first name, last name, and address
• The synthetic data framework creates data based on the design, testing rules, & environments created by an organization

Audit
• Audits help to restrict external users
• Creating robust test data management and processes helps to control & protect the security and privacy of the data
• Regular audits will help to keep your test data secured, preventing inappropriate use of personal test data
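An added example (not ImpactQA's tooling) of the anonymization techniques this slide lists, applied to a constructed customer record set: masking of names, keyed pseudonymization of identifiers, generalization of date of birth and postcode, truncation of IP addresses, and perturbation of a numeric field. The key, field names, reference date and sample rows are all constructed placeholders.

```python
import hashlib
import hmac
import random
from datetime import date

# Constructed sample rows (not real people). The key is a placeholder that would
# normally live in a secrets store and never leave the TDM pipeline.
PSEUDONYM_KEY = b"placeholder-tdm-key"
SAMPLE_RECORDS = [
    {"customer_id": "C-1001", "first_name": "Anna", "last_name": "Muller",
     "email": "anna.muller@example.com", "dob": "1984-03-12",
     "postcode": "82049", "ip": "203.0.113.45", "balance": 1523.40},
    {"customer_id": "C-1002", "first_name": "Jan", "last_name": "de Vries",
     "email": "jan@example.org", "dob": "1991-11-02",
     "postcode": "1012AB", "ip": "198.51.100.7", "balance": 88.00},
]

def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    # Keyed HMAC: the same input maps to the same token in every table (joins
    # still work), but without the key it cannot be reversed or looked up.
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def generalize_dob(dob_iso: str, today: date = date(2018, 5, 25)) -> str:
    # Generalization: an exact date of birth becomes a 10-year age band.
    # The reference date is fixed so the output is reproducible.
    age = today.year - int(dob_iso[:4])
    low = (age // 10) * 10
    return f"{low}-{low + 9}"

def perturb(amount: float, rng: random.Random, spread: float = 0.1) -> float:
    # Perturbation: bounded noise keeps totals realistic while no row stays exact.
    return round(amount * (1 + rng.uniform(-spread, spread)), 2)

def anonymize(records, seed: int = 0):
    # Build the test-environment copy: keep only the fields tests need and replace
    # every direct or indirect identifier with a masked, pseudonymous or
    # generalized value.
    rng = random.Random(seed)
    out = []
    for r in records:
        out.append({
            "customer_id": pseudonymize(r["customer_id"]),
            "email": pseudonymize(r["email"]) + "@test.invalid",
            "first_name": "MASKED", "last_name": "MASKED",          # masking
            "age_band": generalize_dob(r["dob"]),                   # generalization
            "postcode": r["postcode"][:2] + "*" * (len(r["postcode"]) - 2),
            "ip": ".".join(r["ip"].split(".")[:2] + ["0", "0"]),   # truncation
            "balance": perturb(r["balance"], rng),                  # perturbation
        })
    return out
```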
6. Our Offerings for GDPR & Security Testing
• Website & Mobile: Vulnerability Assessment & Penetration Testing
• GDPR Compliance: Governance, Risk and Certifications
• People: Cyber Security Training
• Analysis & Policy: Log Analysis, PII Access Policies
• Anti-Ransomware: Protect Company from Ransomware Attack
7. Contact Us:
• Dr. Arvind Sharma
  Arvind@impactqa.com
  +41 152 5340 6359
• Marijke Michielsen
  marijke@impactqa.com
  +31 653 461 750

Our Offices:
GERMANY
Tannestrasse 16, 82049, Pullach, Germany
NEW DELHI
68 AD, Noida Special Economic Zone, Noida-Dadri Rd, Phase-2, Noida, Uttar Pradesh – 201305
NEW YORK
597 5th Avenue, 12th Floor, New York, NY 10017
Visit Us at www.impactqa.com
8. Case Study: Security Testing of a German-based Real Estate Platform

“Team ImpactQA is one of the finest and most diligent professionals I have had the opportunity of working with. The team displays a high level of technical competency and professional conduct. They pointed out some really critical vulnerabilities in our equipment and suggested practical remediations. They patiently discussed every aspect of security with our biomedical and network teams. It was a remarkable experience.”
Technical group

Challenges
● Assess vulnerabilities present in the company's application
● Protect user data from being misused and made public
● Safeguard the application from being abused to distribute malware
● GDPR compliance test
________________________________
Solution
• Detailed planning for GDPR compliance testing was prepared with the right set of inputs from the customer. The data sets created were fully compliant with the GDPR.
• To deal with the issue of parameter tampering, we suggested to the organization that parameters should be verified at the server and the server's response should be matched with the request sent by the application.
• We suggested critical changes in the application's architecture and authentication mechanism.
• We suggested that they modify their application flows to prevent data loss and hijacking of privileges.
• Detailed documentation of the vulnerabilities discovered in the application was provided, explaining the problem, its cause and remediation.
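The parameter-tampering remediation described in the Solution above, as an added example that is not the case study's own code: a constructed order handler that trusts client-supplied parameters beside one that re-derives the price and the account binding on the server, plus the client-side request/response match. The catalogue, session table, field names and listing ids are all assumptions.

```python
from dataclasses import dataclass

# Constructed server-side state (placeholders, not the case study's data).
CATALOGUE = {"listing-42": 1200.00, "listing-77": 950.00}  # rent in EUR
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}         # token -> user
ALLOWED_FIELDS = {"listing_id", "user_id", "amount"}

@dataclass
class Result:
    ok: bool
    reason: str
    charged: float = 0.0

def place_order_vulnerable(request: dict, session_token: str) -> Result:
    # Trusts every client-supplied parameter: amount and user_id are taken
    # straight from the request, so either can be altered before it arrives.
    if session_token not in SESSIONS:
        return Result(False, "not authenticated")
    return Result(True, "ok", charged=float(request["amount"]))

def place_order_hardened(request: dict, session_token: str) -> Result:
    # Re-derives every security-relevant value on the server before acting.
    user = SESSIONS.get(session_token)
    if user is None:
        return Result(False, "not authenticated")
    if set(request) - ALLOWED_FIELDS:
        return Result(False, "unexpected parameter")
    listing = request.get("listing_id")
    if listing not in CATALOGUE:
        return Result(False, "unknown listing")
    # The account acted on must be the one bound to the session, not a field
    # the client chose.
    if request.get("user_id") != user:
        return Result(False, "user_id does not match session")
    # The price is authoritative server-side; the client's value is only
    # compared, never used, and a mismatch is treated as tampering.
    expected = CATALOGUE[listing]
    try:
        claimed = float(request.get("amount", "nan"))
    except (TypeError, ValueError):
        return Result(False, "malformed amount")
    if not abs(claimed - expected) < 0.005:
        return Result(False, "amount does not match catalogue")
    return Result(True, "ok", charged=expected)

def response_matches_request(request: dict, result: Result) -> bool:
    # Client-side half of the advice: the application compares the server's
    # response with the request it sent and stops on any mismatch.
    return result.ok and abs(result.charged - float(request["amount"])) < 0.005
```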