Despite the challenges posed by the General Data Protection Regulation (GDPR), it should be seen as an opportunity, and not a threat, for enterprises aspiring to succeed in a new territory as defined by more stringent governance over the security and use of online user data. On 25 May 2018, the European Union imposed the GDPR to protect the data privacy of the EU’s citizens. Entities with an online presence within the EU as well as those who provide products or services of any kind to EU citizens are obliged to comply. Failure to do so will attract hefty penalties.
The rule requires that site owners and service providers do their best to safeguard data privacy. At the same time, their data collection methods must be transparent. In addition to that, site owners must take “appropriate technical and organizational measures” to safeguard customer information. They must also set up and maintain secure IT infrastructure that can “resist, at a given level of confidence, accidental events or unlawful and malicious actions”. Two examples cited by GDPR (recital 49) are “preventing illicit access” and “stopping denial of service attacks and damage”.
In the age of increasing global concerns over data safety and security, both these points deserve equal scrutiny.
The underlying principle isn’t that difficult to implement. Site owners need to prevent accidental or malicious incidents that compromise the “availability, authenticity, integrity and confidentiality of stored or transmitted personal data” by whatever means possible. . These may include, but are not restricted to, proper protection against intrusion and DDoS attacks on applications, websites and backend networks.
How does Nexusguard help you with GDPR compliance?
● Web Application Protection.Implementing Nexusguard’s cloud-based Web Application Protection (or WAF) can help you adopt the OWASP privacy and security best practices effortlessly. Your web applications and APIs are also protected from major threats on data security, which include cross-site scripting, SQL-injections and brute force passwords hacking.
● DDoS Protection. Defending against DDoS attacks is perhaps the most necessary security measure to protect the accessibility of network and online services. Nexusguard Cybersecurity Platform is exactly designed to mitigate L3/4-L7 attacks on websites, networks and DNS servers. Moreover, Article 32 of GDPR stipulates that organizations must regularly test, assess and evaluate the effectiveness of data protection measures. All our solutions are centrally managed and regularly updated to patch against the latest threats while being superbly responsive to zero-day attacks.
● PCI-compliant Cybersecurity Vendor. The GDPR stipulates that organizations must document and, upon request, be able to prove that all the personal data they process is appropriately and sufficiently protected. As a PCI-compliant (level 1) cybersecurity service provider, Nexusguard is committed to the protection of customers’ credit card data and sensitive information when they are stored, processed or transmitted across our platform. Our ISO 27001 certification ensures the highest standards of control.
● Access to Log Data. Nexusguard’s Customer Portal can help you move towards compliance for your website and security log. You can download the raw log files of all requests, including legitimate and malicious ones, made to their website or network. Log entries include URLs requested access to, timestamps as well as source IP addresses of visitors.
Simply put, GDPR is a turning point in personal data protection policies and has a far-reaching impact on organizations, especially those with an online presence in the EU. Although the data protection and security practices required by GDPR may look like a daunting challenge, you can also turn it into an opportunity. Where others perceive a threat, an opportunity also lurks.
To succeed in the new era in online data protection, organizations must have the required security measures, including those provided by Nexusguard, in place to ensure the “availability, authenticity, integrity and confidentiality of stored or transmitted personal data.”
To know more on this and other related topics, check our white paper: Surviving GDPR Means Success in New Internet Era