Enforcement is Coming
The GDPR enforcement date is now less than a calendar quarter away, coming into full force on May 25th, 2018.
In our previous article we discussed the importance of not forgetting about Mobile Applications when considering GDPR regulations. It’s not just apps such as banking or mobile payment that need to be concerned, even applications such as WhatsApp are being pressured to take a hard look at how they can comply with GDPR and increasingly strict privacy policies.
Two of the more mobile focused articles are:
Article 25 - Data protection by design and by default
Article 32 - Security of processing
We’ll skip the deep dive this time, but you can review here.
GDPR Mapping is Difficult & Time Consuming
One of the problems you may run into when considering GDPR implications for mobile, and beyond, is the age old problem of mapping policy language to real technological mechanisms or implementation details. It can be daunting to perform an exhaustive review of the typically in-depth policy articles and translate that into a risk assessment or actionable security changes.
Assuming GDPR mapping would be as problematic for mobile as standard apps, we began the hard work of translating all of the individual GDPR requirements into checks and balances against real-world code and security settings. This is where the magic happens.
If you know about our platform you know we do rapid in-depth binary analysis of applications to produce Risk and Privacy reports. Our reports have long included OWASP mapping, but have now been extended to include automatic GDPR mapping as well. How does this benefit your organization? It means that you can upload your binary application to RECON, our Risk Analysis engine, it will parse the application and run it through our automated GDPR system, and then you’ll receive a report including full GDPR mapping details.
Automated GDPR In Action
Here’s a quick screenshot of what this looks like:
You’ll be able to dive into the GDPR implications as it applies to your application’s Data Security, Data Threats, and Personal Data.
We break out 4 levels of compliance, providing both summary details and specific line-item mappings so you can easily understand whether your application is compliance or not, and if not, what areas you need to focus on in order to become compliant.
While this isn’t a silver bullet for GDPR compliance, and your development team may still have a lot of work to ensure your applications are compliant, we believe this will dramatically increase the speed at which organizations can both identify and mitigate potentially costly GDPR infractions.
If you're interested in checking out this capability we are launching a free trial in the coming weeks. Simply sign up here and you'll be notified when it launches.