Cybercillin uses a range of tools for active threat and breach detection, allowing us to secure your Internet-facing servers and other critical endpoints. The managed web application firewall (WAF) is delivered in a security-as-a-service model which guards against emerging threats such as the OWASP top 10, and provides immediate PCI DSS 6.6 compliance. Sensors and agents collect data in real time and feed it back to Cybercillin's Security Operations Centre (SOC) experts who can identify problems and respond to emerging threats before they become an issue.
The United Kingdom and Europe have amongst the most stringent data protection laws in the world.
Article 32 of the General Data Protection Regulation (GDPR) requires the Data Controller and Processor to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, among other things:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Additionally, GDPR places an obligation on organisations to report certain types of data breach to the Information Commissioner's Office within 72 hours of the breach.
To comply with your legal requirements effectively you need to have the following processes in place, even before a breach occurs:
- know how to recognise a data breach
- have a response plan in place to deal with the breach
- have a process in place to assess the likely risk for individuals affected by the breach
- have a process in place for reporting the breach to affected individuals (as well as the Information Commissioner's Office)
Some of these steps can be implemented systemically by using controls like intrusion detection systems. But once a breach has been identified, you also need to determine what potential damage has been done, and this will require human intervention and review.
Of course, the best approach is to minimise the risk of breach in the first place, or to have controls that limit the impact of breach when it occurs. That is where tools like unified threat management and active threat response come in.
Cybercillin can assist you with implementing all of these processes, and our cybersecurity specialists can provide appropriate services where you do not have adequate knowledge or resources to perform tasks in-house. While we cannot guarantee that a breach of your systems will never occur, we can help to reduce the likelihood and impact of such events. We also provide assurance that you have implemented best-practice data protection procedures, which can go a long way toward rebuilding customer trust.
Data Protection After Brexit
As GDPR has been incorporated into the UK's Data Protection Act 2018, the requirements of GDPR will generally continue to apply, even after Brexit. Moreover, transfers of data between the UK and European Union States after Brexit will become subject to Articles 44-50 of GDPR for the first time. Data moved to the EU automatically comes within the scope of GDPR, irrespective of its origin. Data received from the EU must comply with GDPR, and it is illegal for an EU-27 firm to export data to a so-called "third country" without specific legal safeguards in place. Since post-Brexit UK will be a third country, UK companies will be subject to these safeguards. These provisions are heavily scrutinised by EU data protection authorities, so UK organisations should already be planning to ensure they have the necessary infrastructure in place to meet their obligations under Articles 44-50.