Check out this doc to know about how GDPR compliance deadline in EU & UK is changing the course of Data Protection.

1. Cigniti Technologies Blog
http://www.cigniti.com/blog/
What will be the Impact of GDPR
Compliance in EU & UK
Global leaders, business leaders, and high-flying executives are currently speaking at the World
Economic Forum 2018 about Big Data and the power that it will bring not just for businesses but also
for countries. On the same front there are contrary discussions happening around Cybersecurity and
Data Protection. Terrorism could be a threat for peace-loving nations, but cybersecurity is a growing
concern for nations, businesses, and even individuals. Every country/region has come up with its
own version of the Data Protection Act to safeguard data rights for their own people.
The Data Protection Act 1998 (c 29) is a United Kingdom Act of Parliament that was designed
to protect personal data stored on computers or in an organised paper filing system. It follows the
EU Data Protection Directive 1995 protection, processing, and movement of data.
Currently, there is a growing buzz around The General Data Protection Regulation (GDPR)
compliance, a regulation with which the European Parliament, the Council of the European Union,
and the European Commission intend to strengthen and unify data protection for all individuals
within the European Union (EU). GDPR compliance is applicable for all businesses operating within
the EU, which includes even the UK. The deadline for the same is May 25, 2018.
Implications of GDPR
GDPR will get enforced as a law across the EU on May 25, 2018, which implies that any business
operating within EU and UK just has about 4 months to comply with its guidelines. The underlying
objective of the regulation is to emphasise and provide more rights for individuals over their own
data and keep a thorough check on how companies use and process private and confidential
information.
Similar to any other compliance guidelines, there is a fair amount of ambiguity and anxiety around
GDPR, where organizations are even worried about being heavily penalised for non-compliance.
Nevertheless, this update to the data protection legislation across Europe comes as a major force.

2. Cigniti Technologies Blog
http://www.cigniti.com/blog/
While the turmoil continues, major social media platforms such as Facebook are making the
necessary modifications to deal with the changes. A recent news report states how Facebook will roll
out new privacy tools ahead of European GDPR laws. Facebook's COO, Sheryl Sandberg stated,
"We're rolling out a new privacy centre globally that will put the core privacy settings for Facebook
in one place and make it much easier for people to manage their data."
Social networking and digitization of communication has been constantly brushing the line between
access to information and privacy. Regulations such as these coerce organizations to look inwards
and evaluate the security protocols and measures that are taken to control the ebb and flow of data
(inward as well as outward).
At the same time, there are reports on how businesses are looking for software and privacy experts
with global organizations spending millions of dollars to comply with the upcoming GDPR
compliance guidelines.
This can be a good time to evaluate the aspects that enterprises must consider to secure data within
the organization.
Make Security a part of your system’s architecture
Including Security within the DNA of the organization is the best thing that enterprises must consider
to do away with any violations and incidents. The overall system has to be designed by keeping
integrated security into perspective instead of bringing it in at a later stage. When the architecture
of the organization is built, security protocols should be an integral part of the business process. In
fact, if needed, even a security officer or a security team must be created to enable compliance
across the organization.
Ultimately, bringing in security aspects within the architecture of enterprises while they are being
designed will solve complex security and data protection issues.
Robust BYOD policy
It’s no more about just safeguarding data on the computer systems within the organization.
Organizations are today offering employees the edge to get more flexible with their work habits and
environment. With this into perspective, enterprises are allowing employees to not only bring their
own devices within the office premises, but also offering them the flexibility to work from anywhere
anytime.
This creates tremendous anxiety and apprehensions around data security and protection.
Complications could be created in case there is a cyber-attack. Hence, the solution is to build a
strong password policy that comprises complex combination of alphanumeric and special characters.
Disabling of the systems and further enabling them should be a highly monitored activity for the IT
department. While organizations take care of the mobility needs of the workforce, security protocols
must cover all the possible devices within the premises.
Monitoring the Internet traffic
Without sounding dictatorial and autocratic in perspective, it is imperative for enterprises to
monitor the internet traffic and even the traffic that goes within internal networks. This is to monitor
the kind of information that gets transacted within nodes. This can be possible with an active firewall
policy that helps obstruct the traffic moving across malicious sites.

3. Cigniti Technologies Blog
http://www.cigniti.com/blog/
Firewall solutions must be chosen according to the nature of a business. For instance, if you are in
the business of media and communications, you cannot afford to obstruct news sites and social
networking portals. That’s your fodder for information!
In Conclusion
All this makes sense. Organizations have been considering it for a long period of time. However,
nothing can be foolproof. The question that pops up is: how does doing all this help if the
organisation’s system still get hacked?
It does help in many ways.
First, it becomes easier to find the loopholes and fix the issues for Disaster Management. It makes an
organisation more resilient, where it can bounce back into action. Having a strong security policy and
system in place enables organisations to comply effectively with any upcoming State or Federal
guidelines and rules.
Cigniti has a dedicated Security Testing Centre of Excellence (TCoE) that has developed
methodologies, processes, templates, checklists, and guidelines for web applications, software
products, networks, and cloud.
Connect with our dedicated team of security testing specialists with deep expertise spanning
multiple domains/industries, cutting-edge technological resources/tools.