General Data Protection Regulation (GDPR Compliance)
To ease things for you, we dedicate this page to addressing the most common questions about GDPR. We hope to give you a clear insight into how GDPR affects your business, in a concise and timely manner.
What about GDPR?
ATTACK Simulator complies with GDPR and is firmly committed to transparent data processing. We acknowledge the importance of data security and work to ensure that employees who handle data comply with the standards of GDPR.

What is GDPR?
Effective since May 25, 2018, GDPR is a strict privacy law implemented by the European Union (EU), replacing the outdated data protection directive from 1995. Although it is EU legislation, GDPR applies to all organizations dealing with European data subjects regardless of where they are located, so it impacts businesses worldwide. In short, GDPR addresses the lawful, transparent, and fair processing of EU data subjects' personal data.
Why is GDPR needed?
The implementation of GDPR was prompted by the growing number of devices that collect data. It reinforces individuals' privacy rights by ensuring that companies processing data have a clear purpose for it and communicate that purpose accordingly.

GDPR Violation Consequences
Violations of the law can lead to harsh fines of up to 20 million euros or 4% of global annual revenue, whichever is higher. Note that data subjects may also seek compensation for damages.
What is “personal data”?
Personal data includes any data that leads to the identification of an individual, either directly or indirectly. This includes name, email address, ethnicity, gender, age, location, biometric data, web cookies, IP address, etc.
What is “data processing”?
Data processing encompasses any action performed on data, either automated or manual. It includes collecting, recording, organizing, structuring, storing, altering, using, or erasing.

Conditions for data collection
GDPR states that data collection should occur only for a clearly stated and legitimate purpose, and the data collected must be relevant to that purpose. Organizations must communicate that purpose in clear, accessible language.
What happens with the data?
Data that you collect from your users can be held by a:
– Controller: the entity that determines the purpose of processing personal data.
– Processor
– Recipient

Right to erasure
Data Security and Data Breach Notification

Recommended technical measures to avoid a data breach
– limiting access to designated employees;
– using end-to-end encryption for cloud services and two-factor authentication on personal accounts.
How do I get GDPR certified?
Becoming compliant with GDPR involves several steps, among which:
– making an inventory of all the devices connected to your network;
– identifying third-party processors;
– appointing a data protection officer;
– knowing when and where in your clients' journey their data is accessed;
– identifying the responsible authorities in your country (to whom you must report in case of a data breach);
– training your employees.
The last step is where ATTACK Simulator comes into play, helping you become GDPR compliant through security awareness training for your employees.
There’s no reason to postpone training your employees
Get a quote now based on your organization’s needs and start building a strong cyber security infrastructure.