GDPR (General Data Protection Regulation) requires an assessment of apps and critical network infrastructure to detect security lacunae. Similarly, implemented security controls should be checked for their effectiveness.

Regular vulnerability scans ensure that vulnerabilities are detected at the earliest opportunity and can be eliminated as quickly as possible. The frequency for most networks and goals that has proved optimum is one month; it is, however, advisable to have critical apps or infrastructure scanned for vulnerability more frequently.

Scans should be studied and interpreted by an experienced security specialist; only then false positives can be distinguished from security lacunae.

In addition to the mostly automated vulnerability scans, manual penetration tests should also be performed. Pentests can find security lacunae or organizational deficiencies that could not so far be recognized automatically.

Besides the security check offered by Zerberos, GDPR conformity naturally requires further organizational and legal tests and adaptations; if necessary, we can provide you with support in this case through our experienced partners.

Do Swiss companies come under GDPR?

In short: Yes, even if you only process data of an EU-based customer.

Long version: Please consult your legal advisor for clarification.

NZZ 14.7.2017

It is incumbent on Swiss firms to protect your customers’ data better, failure to do so entails draconian punishments.

Most Swiss companies are also subject to the new data protection law in the EU. The ramifications must not be underestimated; omission invites high pecuniary penalties.>>

Go to the article at

NZZ 31.8.2017

Cyber Security as Requirement for Companies

Cyber security is a strategic corporate risk and the responsibility of corporate management. Suitable defensive measures against cyber attacks are indispensable.>>

Go to the article at