GDPR – For The Attention Of Developers!
Blog|by James Roberts|18 December 2017
At first glance, governance may seem out of place here on the Code Matters tech blog for developers. In the past it was mostly a concern for operations and had little to do with coding or the applications themselves. That said, SQL injection was opening up vulnerabilities in web sites and databases as far back as the late 90s, so the need for developers to play their part in mitigating the risks introduced by poor or sloppy code is nothing new.
The seriousness and cost of data breaches has escalated in recent years and is about to be raised to an even greater degree by the EU's General Data Protection Regulation (GDPR). The regulation allows fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher, on organisations that fail to protect personal data, and that changes the game massively. Governance and security now need to be factored into every part of the IT estate, including the applications themselves. This has become an integral aspect of systems modernisation and is therefore part of a developer's remit.
GDPR will take effect in the UK, as across the rest of the EU, from 25 May 2018. It is a framework of regulatory obligations that most developers probably wish would go away. It might seem like a lot of red tape, but at the end of the day it is about protecting us as individuals in a digital world where we all rely heavily on IT systems. The UK government has confirmed it will adopt the regulation regardless of Brexit, so it is here to stay and we need to take it seriously.
The Information Commissioner's Office (ICO) is the UK's independent body that oversees our information rights, and its website provides a lot of useful and generally succinct detail on the subject, including a page that summarises GDPR.
In the broader sense, governance isn't just about protecting customers' data by keeping hackers out. The systems need to be robust, reliable and compliant in all respects to be certain of fulfilling regulatory requirements.
We should be looking at all the components of our IT to identify anything that could compromise the reliability and security of the data. Though not strictly part of GDPR, this should include identifying any code that is being used unlawfully, such as open source components used in breach of the terms of the GNU General Public Licence (GPL). In the event of an audit, anything that could pull the plug on parts of your IT is not only a threat to your business; it puts your customers at risk, and potentially the integrity of the data you hold about them.
I mentioned SQL injection at the beginning of this blog. It is still a major source of security breaches some 20 years after it first appeared, as attackers continue to exploit code and design vulnerabilities to gain access to data. GDPR is a bit like health and safety regulations in the workplace: it places responsibility on all of us but exists for our benefit, as my colleague Alanna will be explaining in a follow-up blog shortly. I will also be taking a deeper dive into the more 'codeworthy' aspects of governance with news of products, articles and events that deal with the topic from a DevOps and developer's perspective.
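As an added illustration of the SQL injection point above (example code written for this edit, not from the original post or from Grey Matter), the following builds a throw-away SQLite database with constructed sample users and session tokens, then runs the same lookup two ways: once with the username interpolated into the SQL string, and once with a bound parameter. The table names, column names, rows and payloads are all assumed for the demonstration. The interpolated version lets a single input either bypass the WHERE clause or pull another table's data into the response; the parameterised version treats the same input as a plain string and returns nothing.

```python
import sqlite3

# Constructed sample data for the demonstration (assumed, not real).
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]
SESSIONS = [("alice", "tok-a1"), ("bob", "tok-b2")]


def make_db():
    """Create an in-memory database holding personal data and session tokens."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, email TEXT)")
    con.execute("CREATE TABLE sessions (username TEXT, token TEXT)")
    # The setup itself uses bound parameters, which is the pattern to copy.
    con.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    con.executemany("INSERT INTO sessions VALUES (?, ?)", SESSIONS)
    con.commit()
    return con


def lookup_vulnerable(con, username):
    """Deliberately vulnerable: attacker-controlled text becomes part of the SQL."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return con.execute(query).fetchall()


def lookup_parameterised(con, username):
    """Hardened: the value is bound separately and is never parsed as SQL."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return con.execute(query, (username,)).fetchall()


# Two classic payloads. The first turns the WHERE clause into a tautology;
# the second appends a UNION to read a different table, using "--" to
# comment out the trailing quote the query would otherwise leave dangling.
TAUTOLOGY = "x' OR '1'='1"
UNION_EXFIL = "x' UNION SELECT username, token FROM sessions --"


def demo():
    """Run both lookups against a normal value and both payloads."""
    con = make_db()
    results = {
        "vuln_normal": lookup_vulnerable(con, "alice"),
        "vuln_tautology": sorted(lookup_vulnerable(con, TAUTOLOGY)),
        "vuln_union": sorted(lookup_vulnerable(con, UNION_EXFIL)),
        "safe_normal": lookup_parameterised(con, "alice"),
        "safe_tautology": lookup_parameterised(con, TAUTOLOGY),
        "safe_union": lookup_parameterised(con, UNION_EXFIL),
    }
    con.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15} -> {rows}")
```

Running the block shows the interpolated lookup returning every user for the tautology payload and every session token for the UNION payload, while the parameterised lookup returns an empty list for both. The point for a developer is that the fix is not input filtering but keeping data and SQL on separate channels, which every mainstream database driver supports through bound parameters.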
Next steps
A number of vendors provide solutions that assist with governance, and our showcase will help you explore some of these. It introduces products and services covering network security, data protection, identity management, backup and DR, all of which play a part in GDPR compliance.
For further assistance please call us on +44 (0)1364 655123, email: security@greymatter.com or Live Chat today for further guidance.