The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. It applies to any organization that holds or processes the personal information of any European citizen, and it is important to know that the term "personal information" has been widened to cover anything that could identify a citizen, such as an IP address or a cookie.
Organizations that suffer a data breach are liable to be fined up to 4 % of their global annual revenue or 20 million €, whichever is larger.
Security by design
As a best practice you should re-think your software development approach and switch to a secure software development life cycle (SDLC) that reflects both privacy and security throughout the whole development chain. Review the BSIMM secure software framework, which is a good starting point and allows a step-by-step improvement of your secure software development maturity level over time.
Furthermore, GDPR is all about how you manage personal information. I don't want to repeat all the details clearly outlined by the responsible bodies. As a starting point, it is good advice to make sure that the bullet points below are properly addressed in your organization.
- Build awareness
- Build accountability
- Review current data privacy notices
- Review privacy rights
- Access requests
- Customer consent
- Children’s Data
- Reporting data breaches
- Data Protection Officer
Read more details at https://www.eugdpr.org/
May 25th is the deadline for compliance with the GDPR. My advice is to use the remaining few weeks to transform your development process towards security.