The EU GDPR Draws Near. Is Your Organization Ready?

Are You Ready for the EU GDPR?

March 3, 2017, Hiten Sharma

The EU General Data Protection Regulation (GDPR) takes effect next May and applies not only to organisations with operations in the EU but also to any organisation that targets EU citizens electronically, even if they have no physical presence in the EU. The fines for noncompliance are steep, and as a result, most, if not all, large organisations have active GDPR projects running.

GDPR defines stringent guidelines for the collection, storage, and processing of personally identifiable information (PII). Regarding collection, if your public-facing digital assets collect PII, they are in scope for GDPR.

RiskIQ Digital Footprint mapping gives you the ability to have a full view of what your web assets look like from an end user perspective. As a technical account manager, one of my roles is to help customers operationalise RiskIQ intelligence within their organisation. With the scale and variety of data that RiskIQ captures, an interesting part of my job is to understand how this data is made actionable for different business units.

Some time ago, I was talking to a customer who was looking for a better way to isolate all in-scope websites. With a single click, RiskIQ can isolate websites that contain generic site access attributes in the site page. However, given the global and multilingual nature of their business, the customer wanted more. For example, sites specifically created for a region where English is not used or understood will not be flagged in the view below:

Fig-1 Sites listed in the RiskIQ tool

Although this use case sounds quite complex, it was relatively easy to deliver. Here’s why:

Our crawler technology is designed to emulate real and random user behaviour, and by doing so, we capture and store each document object model (DOM) for each page we crawl. With input from the customer and the use of our integrated API, we were easily able to identify all their websites that collect PII, regardless of language or layout. This exercise uncovered 300% more Login/PII collection sites than were known previously, many of which were collecting and transmitting data insecurely.
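As an added illustration (not RiskIQ's implementation or API), the sketch below shows one way to find PII-collecting forms in stored DOM snapshots without relying on page language: it keys on standardized `type` and `autocomplete` attribute values rather than label text, and flags forms that submit to a non-HTTPS target. The signal lists, function names, and sample pages are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Language-independent signals: standardized input types and autocomplete tokens.
PII_TYPES = {"password", "email", "tel"}
PII_AUTOCOMPLETE = {"name", "given-name", "family-name", "email", "tel", "bday",
                    "street-address", "postal-code", "cc-number",
                    "current-password", "new-password", "username"}

class FormAudit(HTMLParser):
    """Collects each <form> together with the PII signals found in its inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._cur = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # An empty or missing action submits to the page's own URL.
            target = urljoin(self.page_url, a.get("action", ""))
            self._cur = {"target": target, "signals": set()}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            if a.get("type", "").lower() in PII_TYPES:
                self._cur["signals"].add("type=" + a["type"].lower())
            for tok in a.get("autocomplete", "").lower().split():
                if tok in PII_AUTOCOMPLETE:
                    self._cur["signals"].add("autocomplete=" + tok)

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit(page_url, dom):
    """Return one finding per PII-collecting form; 'insecure' means non-HTTPS target."""
    parser = FormAudit(page_url)
    parser.feed(dom)
    return [{"page": page_url, "target": f["target"],
             "signals": sorted(f["signals"]),
             "insecure": urlparse(f["target"]).scheme != "https"}
            for f in parser.forms if f["signals"]]

# Constructed sample snapshots (German and Polish pages on placeholder hosts).
SAMPLES = {
    "https://de.example.com/konto": '<form action="http://de.example.com/anmelden">'
        '<label>Kennwort</label><input type="password" name="kw"></form>',
    "https://pl.example.com/kontakt": '<form><input name="q" type="search"></form>'
        '<form action="/zapisz"><input autocomplete="email" name="adres"></form>',
}
FINDINGS = [f for url, dom in SAMPLES.items() for f in audit(url, dom)]
```

Attribute-based signals miss forms built entirely from untyped text inputs, so findings like these are a starting list for review rather than a complete inventory.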

In recent months, many more of our EU customers have worked with us on similar projects to ensure they have a complete view of sites to review. In addition to GDPR compliance, the exercise is helping them improve the protection of their customers and their brand.

Try RiskIQ Community Edition for free and get your organization’s digital footprint today.
