GDPR – For The Attention Of Developers!
Blog|by James Roberts|18 December 2017
At first glance, governance may seem out of place here on the Code Matters tech blog for developers. This is a topic that mostly concerned operations in the past and had little to do with coding or the applications themselves. That said, SQL injections were opening up vulnerabilities in web sites and databases as far back as the late 90s, so the need to ensure developers play a part in mitigating the risks introduced by poor or sloppy code is nothing new.
The seriousness and cost of data breaches have escalated in recent years and are about to be elevated to an even greater degree by the EU’s General Data Protection Regulation (GDPR). This new legislation will impose huge fines on companies falling foul of security breaches, and this changes the game massively. Governance and security now need to be factored into every part of the IT estate, including the applications themselves. This has become an integral aspect of systems modernisation and therefore part of a developer’s remit.
GDPR will take effect in the UK from May 25th, 2018. It’s a framework of regulations and similar matters most developers probably wish would go away. It might seem like a lot of red tape, but at the end of the day it’s about protecting us as individuals in a digital world where we all rely heavily on IT systems. The UK government has confirmed it will adopt the regulation regardless of Brexit, so it’s here to stay and we need to take it seriously.
The Information Commissioner’s Office (ICO) is the UK’s independent body that oversees our information rights and their web site provides a lot of useful and generally succinct detail on the subject. This is the page that summarises GDPR.
In the broader sense, governance isn’t just about protecting customers’ data by keeping hackers away. The systems need to be robust, reliable and compliant in all respects to be certain of fulfilling regulatory requirements.
We should be looking at all the components of our IT to identify anything that could compromise the reliability and security of the data. Though not strictly part of GDPR, this should include the identification of any code that is being used illegally such as open source that flouts the rules of the General Public Licence (GPL). In the event of an audit, anything that could pull the plug on parts of your IT is not only a threat to your business, it puts your customers at risk and potentially the integrity of the data you hold about them.
I mentioned SQL injections at the beginning of this blog. These are still a major source of security breaches some 20 years after they first appeared, as hackers continue to exploit code and design vulnerabilities to gain access to data. GDPR is a bit like health and safety regulations in the workplace. It places responsibility on all of us but exists for our benefit, as my colleague Alanna will be explaining in a follow-up blog shortly. I will also be taking a deeper dive into the more ‘codeworthy’ aspects of governance with news of products, articles and events that deal with the topic from a DevOps and developer’s perspective.
Next steps
A number of vendors provide solutions that assist with governance and this showcase will help you explore some of these. It introduces products and services that cover network security, data protection, identity management, backup and DR – all of which play a part in GDPR compliance.
For further assistance, please call us on +44 (0)1364 655123, email security@greymatter.com or use Live Chat today.