The General Data Protection Regulation (GDPR) is a regulation designed to enhance data protection for European Union (EU) residents and provide a consolidated framework to guide organizational usage of personal data across the EU. The reach of the GDPR is extensive, so even if your organization did not have to comply with EU data privacy laws before, starting May 25th, 2018, you may be impacted.
If the answer is “YES” to any of the following questions…
- Does my organization offer goods or services to individuals?
- Does my organization monitor the behavior of individuals?
- Does my organization have employees in the EU?
Then the GDPR may apply to your organization and Digital Defense can help.
Not every industry with regulatory compliance explicitly requires pen testing and/or vulnerability management. HIPAA, for example, does not state outright a requirement for either, but it does require a risk analysis, which in turn requires covered entities to test their security controls in order to validate their exposure to actual vulnerabilities.
The Payment Card Industry Data Security Standard (PCI DSS) does, however, require companies that accept, store, process and/or transmit credit card information to meet twelve specific compliance requirements, two of which require an explicit vulnerability management program:
Requirement 6: Develop and maintain secure systems and applications.
Requirement 11: Regularly test security systems and processes.
Digital Defense fully understands the challenge of meeting today’s Payment Card Industry (PCI) compliance standards. In fact, the company was the first vendor to provide PCI compliance as a managed service, and remains one of the world’s longest tenured Approved Scanning Vendors (ASV).