GDPR Toolkit

We've compiled our best GDPR resources, including blog posts, videos and tip sheets, to help your organization comply with the impending GDPR mandate.

GDPR Compliance Blogs

The Top 5 Application Security Activities for GDPR

Part I: You may be thinking that GDPR is a compliance requirement that legal should worry about. You may think that application security has little to do with this new regulation. Think again! The truth is that applications (AKA software) run everything. The data collected from the data subjects is collected by software, the data is then analyzed by software and is presented...

The Top 5 Application Security Activities for GDPR

Part II: When looking at any modern application, one will find a myriad of components, frameworks, APIs and code snippets written by various developers inside and outside your organization. Not all of them are as secure as they should be, and not all of them default to the most secure protocol or design pattern, or follow best practices for the type of data your application is processing...

4 Steps to Making Compliance a Breeze

Many organizations are required to regularly educate employees about security responsibilities and best practices to meet compliance requirements, including GDPR, PCI DSS, HIPAA, NIST and more. With well-rounded security awareness and application security training programs, your teams will better understand their roles and responsibilities around maintaining compliance...

GDPR in 2 Minutes

Got 2 minutes? Learn what GDPR is and what it means for your organization.

GDPR Training Course Trial

Our GDPR learning paths were designed to give learners a natural progression, based on their role and day-to-day functions, toward becoming proficient in GDPR compliance.

To that end, we are offering, for a limited time, a free 7-day trial of our customized GDPR learning paths by role. Below you will find the courses included in each trial along with a link to sign up. If you are interested, here is a complete list of all courses included in each learning path.

*Register by April 1, 2018 to participate in the trial, or contact us to extend the trial deadline.


Developer

Learning Path Includes:

Fundamentals of Secure Development
Fundamentals of Secure Architecture
Architecture Risk Analysis and Remediation
How to Integrate the Microsoft MS SDL into your SDLC
How to Create Application Security Design Requirements
Fundamentals of Security Testing
Testing for CWE/SANS Top 25 Software Errors

Trial for Developers


Project Manager

Learning Path Includes:

Fundamentals of Secure Development
Fundamentals of Secure Architecture
How to Integrate the Microsoft MS SDL into your SDLC
How to Create Application Security Design Requirements
Testing for CWE/SANS Top 25 Software Errors

Trial for Project Managers


QA/Tester

Learning Path Includes:

Fundamentals of Secure Development
Fundamentals of Secure Architecture
How to Create Application Security Design Requirements
Fundamentals of Security Testing
Testing for CWE/SANS Top 25 Software Errors

Trial for QA/Testers


Enterprise Infrastructure

Learning Path Includes:

Essential Account Management Security
Essential Security Planning, Policy and Procedures
Essential Information Security Program Planning
Essential Identification and Authentication
Essential Application Protection

Trial for Enterprise Infrastructure

Rolling Out an Effective Application Security Training Program

Traditional education that prepares development teams for new technologies, development languages, and infrastructures does not typically arm them with the defensive skills needed to harden their software applications against attack. This matters even more in the wake of the upcoming GDPR mandate. If you collect any form of customer data and your applications are compromised, you could have a massive problem on your hands.

Every organization is unique and needs its own customized approach to ensure the effectiveness and success of its training program. This white paper presents practical best practices for a many-hats approach that includes psychology, creativity, engaging materials, formal structures for learners to navigate, and a solid grounding in how people learn and apply new skills in their jobs.

Fill out the form to get your copy today!

GDPR Frequently Asked Questions

The General Data Protection Regulation (GDPR) regulates the privacy and handling of the personal data of individuals in the European Union (EU). GDPR replaces the existing EU Data Protection Directive (95/46/EC) and unifies data protection law across the EU with a single set of rules for organizations that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where those organizations are located.

Why is GDPR important?

The changes required to IT security and data privacy programs can be extensive, depending on the data you collect from EU residents. Other factors to consider include where the data is stored, who has access to it, how it is used, and who is responsible for it. Organizations found to be in breach of GDPR risk significant fines.

What are the penalties for violations?

Under Article 83(5) of the Regulation, supervisory authorities can impose fines of up to €20M or 4% of the offending company's total worldwide annual turnover for the preceding financial year, whichever is higher.

What is Personal Data?

The Regulation defines personal data as any information relating to an identified or identifiable 'natural person', that is, anyone who can be identified directly or indirectly, whether in their private, professional, or public life. This includes their name, birth date, email address, IP address, bank details, medical information, and more. Note that an identifier need not be a name: an IP address, a device ID or a cookie value counts when it can be linked back to an individual.

What does GDPR mean for data "Controllers"?

A controller is the entity that determines the purposes and means of processing personal data, i.e. the one that has the last word on how the data is used. The Regulation requires controllers to implement appropriate technical and organizational measures to protect personal data, and to be able to demonstrate that processing is performed in compliance with GDPR.

What is the jurisdictional reach for GDPR?

The jurisdictional reach or "territorial scope" of the Regulation is broad and effectively global. GDPR applies to organizations established in the EU, and to organizations based outside the EU that offer goods or services to people in the EU or monitor their behaviour, which in practice covers any company that collects and analyzes data tied to EU residents.

When does GDPR take effect?

GDPR was adopted in April 2016, and the Regulation applies from May 25, 2018.