
This post is from the Arxan blog and has not been updated since the original publish date.

Last Updated Oct 17, 2017

GDPR Demystified


by Asma Zubair, Senior Director of Product Management

If you are busy preparing for GDPR (General Data Protection Regulation), you are not alone. The GDPR will affect a very large number of organizations -- practically every organization that does business in the EU or is located in the EU. Google Trends shows that interest in GDPR all over the world has increased rapidly in 2017.

The surge in GDPR-related queries is driven by organizations trying to figure out what GDPR is, how it will impact them and what they can do to comply with it. This post provides an overview of GDPR and helps you prepare for the fast-approaching GDPR enforcement deadline. The GDPR was announced in 2016 and will take effect on 25 May 2018. It is an all-encompassing regulation designed to protect EU residents’ privacy and personal data. GDPR violations will incur fines of up to 20 million euros or 4% of the company’s global annual turnover, whichever is higher. So, GDPR is not something to be taken lightly.

The first step for any organization looking to comply with GDPR is to review whether they are processing personal data, i.e. any information that directly or indirectly identifies an individual. If so, they need to ensure the following:

  • They have tools and processes for dealing with data subjects’ rights - such as the right to be informed (for transparency in how organizations use personal data), right of access (to their information), right to rectification and right to be forgotten, etc.
  • Employees and customers have been informed of all data processing activities and data transfers performed on their personal data
  • A detailed record is maintained of all processing activities, including the purpose of processing, a description of data, and security measures taken to protect it
  • Any third parties processing European personal data on the organization’s behalf comply with the GDPR requirements
  • Personal data is transferred outside the European Economic Area only if recipients have an adequate level of protection in place

GDPR requires organizations to have “privacy by design and default.” This means organizations need to take data privacy into account through all stages of projects and have extensive systems and processes in place for data protection. Because data is almost always accessed, written, and modified through applications, protecting your applications is critical for data protection. Unprotected applications can be reverse engineered and repackaged to bypass access checks, or have malware inserted. Applications, when not protected properly, can have their cryptographic keys stolen, potentially enabling unauthorized access to personal data. Under the GDPR, such breaches will result in hefty fines.

Additionally, organizations need to consider management of enterprise apps. For more information about how mobile application management supports privacy and mitigates risk by managing corporate data while leaving personal data untouched, watch this webinar with 451 Research on “How the GDPR Impacts Your Enterprise Mobility Management Practices.”
