News
The EU General Data Protection Regulation (GDPR) went into effect five years ago on May 23, 2018
May 2023 by Sylvain Cortes, VP Strategy at Hackuity
A central requirement for organisations at the time was “a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.”
With nearly 100,000 CVEs discovered since the adoption of GDPR – roughly half of all known CVEs to date – an effective vulnerability management programme has never been more essential to avoiding both the costly aftermath of a cyber incident and the resulting penalties from regulators.
Hackuity, the risk-based vulnerability management provider, is urging organisations to take the opportunity to test systems for compliance specifications, like those in GDPR article 32, to improve their overall cyber resilience.
This was not a one-off compliance tick box in 2018, nor is it today. Hackuity advises that vulnerability and exposure management must be addressed continuously to ensure proactive security and adherence to industry standards.
Sylvain Cortes, VP of Strategy at Hackuity, comments:
“Compliance is essential, but we urge organisations to take the opportunity to think beyond baseline requirements to develop a culture of continuous cyber improvement. It’s important to remember that achieving compliance shouldn’t be treated like ‘exam-cramming’ with last-ditch efforts to achieve annual or quarterly audits.
The goal is to achieve more than the minimum requirements and move away from the tick-box mindset. GDPR compliance is necessary, but it is far from sufficient for modern organisations.”
With updates to key regulations also on the horizon – such as the FTC “Safeguards Rule” and PCI 4.0 – organisations need to regularly verify that all appropriate measures are in place to anticipate new requirements and, above all, emerging threats.
