ProSec GmbH
GDPR - GENERAL DATA PROTECTION REGULATION

GDPR stands for General Data Protection Regulation, more precisely for Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

The purpose of the GDPR is to standardize the legal framework for data protection within the EU. This ensures that personal data can be processed anywhere in Europe within the scope of the regulation and that companies in the individual European countries compete under the same conditions.


The GDPR sets out the data protection principles for the processing of personal data by companies and public authorities in the European Union. It also applies to the processing of personal data of persons who are located in the EU, even if the processing itself takes place outside the EU.

The regulation contains various opening clauses that allow the individual member states to regulate certain sub-areas of data protection according to their national requirements. In all other areas, the General Data Protection Regulation applies directly; adjustments by the national legislator are not possible.

The GDPR has been in effect since May 25, 2018, in all member states of the European Union after a two-year transition period.

User rights

  • The General Data Protection Regulation grants users (data subjects) a wide range of rights.
  • First of all, every company that processes personal data is obliged to inform the user transparently about the data processing and its most important key points in accordance with Art. 13 and 14 GDPR.
  • Likewise, the user has the right at any time to request information from the controller about the data being processed and to have their data corrected or deleted.
  • In addition, the user may complain at any time to a data protection supervisory authority about a controller in accordance with Art. 77 GDPR; supervisory authorities are obliged to examine and process incoming complaints.


The GDPR in everyday life

Websites transmit data encrypted with TLS

The standard technology TLS ("Transport Layer Security") is used to secure connections on the Internet and to protect sensitive data sent between two systems. Informally, this is still often referred to as "SSL". SSL stands for "Secure Sockets Layer" and is the predecessor of TLS. The SSL standard was introduced in 1996 and, according to the specification, has been deprecated since 2015 and must no longer be used.

If a website is secured via TLS, this is indicated by the scheme HTTPS (Hypertext Transfer Protocol Secure) in the URL.
Clicking on the padlock in the browser's address bar displays information about the certificate, such as the issuing certification authority, the validity period and, where the certificate contains it, the company name of the website owner.
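The following Python script is an added example, not code from ProSec's page. It shows, from a defender's perspective, the two checks the paragraph above describes: reading the same certificate details a browser's padlock dialog displays (issuer, owner, validity, whether the certificate covers the hostname) and building a client TLS context that refuses the deprecated SSL and early TLS versions. The certificate is a constructed sample in the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns; the names `Example GmbH`, `Example CA` and `www.example.test` are hypothetical. `fetch_and_check` is the live variant for a real host and needs network access; everything else runs offline.

```python
import socket
import ssl
import time

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert():
# a tuple of relative distinguished names, each a tuple of (type, value) pairs.
# Hypothetical values, not a real certificate.
SAMPLE_PEER_CERT = {
    "subject": (
        (("countryName", "DE"),),
        (("organizationName", "Example GmbH"),),
        (("commonName", "www.example.test"),),
    ),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example CA"),),
        (("commonName", "Example CA R1"),),
    ),
    "notBefore": "Jan  1 00:00:00 2020 GMT",
    "notAfter": "Jan  1 00:00:00 2031 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}


def rdn_value(name, key):
    """Return the first value for `key` in an RDN sequence such as cert['subject']."""
    for rdn in name:
        for attr_type, attr_value in rdn:
            if attr_type == key:
                return attr_value
    return None


def summarize_peer_cert(cert, hostname, now=None):
    """Extract what the browser padlock shows: issuer, owner, validity, hostname coverage.

    `now` is a Unix timestamp; it defaults to the current time. The hostname check
    is a plain DNS SAN comparison (no wildcard handling), which is enough for the
    exact names a browser's address bar shows.
    """
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    san_hosts = [value for san_type, value in cert.get("subjectAltName", ()) if san_type == "DNS"]
    return {
        "issuer": rdn_value(cert["issuer"], "organizationName"),
        "owner": rdn_value(cert["subject"], "organizationName"),
        "valid_now": not_before <= now <= not_after,
        "hostname_matches": hostname in san_hosts,
    }


def hardened_client_context():
    """Client context that refuses SSL 3.0, TLS 1.0 and TLS 1.1 and always verifies the peer."""
    ctx = ssl.create_default_context()  # loads the system CA store, CERT_REQUIRED, hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def allows_deprecated_protocols(ctx):
    """True if the context would still negotiate anything below TLS 1.2."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


def fetch_and_check(hostname, port=443):
    """Live variant (needs network): connect with the hardened context and report the peer certificate."""
    ctx = hardened_client_context()
    with socket.create_connection((hostname, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            # getpeercert() only returns a dict because the context verified the chain.
            return tls.version(), summarize_peer_cert(tls.getpeercert(), hostname)


if __name__ == "__main__":
    print(summarize_peer_cert(SAMPLE_PEER_CERT, "www.example.test"))
    print("deprecated protocols allowed:", allows_deprecated_protocols(hardened_client_context()))
```

The live check is the one to run against your own services: if the handshake fails with the hardened context, the server is either presenting a certificate the client cannot verify or only offering protocol versions that should have been retired.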


E-Mail - Communication - Real end-to-end encryption

End-to-end encryption (E2EE) means that data stays encrypted across every transmission station on its way. Only the two endpoints of the communication can decrypt the message; intermediate servers such as mail providers cannot.

Protection of stored data

The General Data Protection Regulation aims to minimize the risks to the rights and freedoms of the persons affected by data processing. In the area of technical data protection, the focus is primarily on two aspects:

First, the controller and the user must take protective measures that are appropriate to the risks a breach of the protection of personal data could entail. These risks are assessed from the perspective of the data subject, whereas information security assesses risk from the perspective of the company.

The second dimension of technical data protection is determined by the principles of "privacy by design" and "privacy by default". Already when designing data processing systems, care must be taken that only the necessary processing takes place in the default setting. When using software, the company must likewise ensure that it is configured so that it collects and processes only the data necessary to achieve the purpose.

The Implementation of the GDPR

In order to implement the GDPR in a company, many aspects have to be considered:

  • Creation of a record of processing activities according to the requirements of the GDPR
  • Providing information on the data processing carried out
  • Implementation of processes that give effect to the rights of users
  • Implementation of state-of-the-art technical measures to protect data
  • Creation of organizational instructions that support employees in processing data in accordance with the company's data protection principles
  • Creation of organizational instructions that support employees in keeping the company secure when using IT systems
  • Creating awareness of data protection and IT security in the company so that possible security and data protection incidents are recognized
  • Implementation of a process for recording, analyzing and evaluating a data protection incident within the legally prescribed period of 72 hours
  • Implementation of central contract management for an efficient overview of required and existing data processing agreements
  • Implementation of a deletion concept to ensure timely and data-protection-compliant deletion of data
  • Implementation of processes that keep the existing documentation up to date
  • Mechanisms for regular control and evaluation of the implemented processes and measures to ensure their appropriateness and effectiveness

An external Data Protection Officer can support you in implementing the above measures and can draw on a wealth of experience.

All rights reserved. © 2022 ProSec GmbH