You may have heard about this new piece of EU legislation, which comes into force on the 25th May 2018. If you haven’t started the process, the URL below is a good place to start:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

The GDPR will encompass websites, databases and servers that hold personal information that you maintain and/or have access to and use.

One aspect of the GDPR is ensuring that systems are secure. Running regular PCI Compliance Scans and Penetration Tests against each service is a good way of identifying and highlighting potential issues within running systems, allowing the maintainer to act upon these issues and either patch recognised security flaws or mark them as false positives.

Another part of the GDPR is ensuring that all your members of staff are familiar with the new regulation, what it means, and how to handle personal data and requests from individuals, including requests to delete personal data from your systems.

Don’t get caught out! The deadline is the 25th May 2018 and the UK are adopting this EU law beyond Brexit.