GDPR (General Data Protection Regulation) requires an assessment of apps and critical network infrastructure to detect security gaps. Similarly, implemented security controls should be checked for their effectiveness.
Regular vulnerability scans ensure that vulnerabilities are detected at the earliest opportunity and can be eliminated as quickly as possible. For most networks and goals, a scan interval of one month has proved optimal; it is, however, advisable to have critical apps or infrastructure scanned for vulnerabilities more frequently.
Scan results should be studied and interpreted by an experienced security specialist; only then can false positives be distinguished from genuine security gaps.
In addition to the mostly automated vulnerability scans, manual penetration tests should also be performed. Pentests can find security gaps or organizational deficiencies that automated tools cannot yet recognize.
Besides the security check offered by Zerberos, GDPR conformity naturally requires further organizational and legal tests and adaptations; if necessary, we can support you with these through our experienced partners.
Do Swiss companies come under GDPR?
In short: Yes, even if you only process data of an EU-based customer.
Long version: Please consult your legal advisor for clarification.
It is incumbent on Swiss firms to protect their customers’ data better; failure to do so entails draconian punishments.
Cyber Security as Requirement for Companies