GDPR Testing: Safeguarding Personal Data on Connected Devices
Is your device connected? Is your product GDPR compliant?
The General Data Protection Regulation (GDPR) establishes the new legal framework for personal data protection for the EU. It defines ‘personal’ data and the legal basis for the processing thereof, as well as the obligations and restrictions incumbent on those who come into contact with the data.
GDPR is designed to safeguard and strengthen the rights of data subjects (persons of whom personal data is processed), to better enable them to take control of their data in an increasingly digital society.
It is important to note that substantial fines and penalties can be imposed for non-compliance.
Eurofins Cyber Security team have over 100 cyber security experts focused on helping organisations like yours ensure their businesses, processes and devices are compliant with GDPR and other requirements.
Getting the right solution is important. That's why we invite you to talk with one of our experts who can determine your requirements and propose the most suitable offerings. Get in touch to find out more.
GDPR Product Testing: Reviews and Assessments
Eurofins Cyber Security's comprehensive and wide-ranging GDPR compliance assessments have been developed in a modular form depending on the type of product, complexity of the device and so forth. The core elements to be tested will include:The core can be fully customised for individual requirements and include:
- testing the attack surface of products
- testing the communication to and from devices
- conformance to country-specific security requirements
- analysis of the firmware of products to see whether it is possible to extract sensitive data
Additional reviews and assessments may include:
- Remote host assessment, penetration testing
- Hands-on mobile app testing (iOS and Android)
- OWASP Top 10 checks
- Code review, with a focus on embedded software
- Hardware and embedded system testing from documentation review through to fuzzing
The testing can also be extended to include wider cyber security testing over and above GDPR compliance