Risk-Based Approach for Data Protection in GDPR

Verified

Added on 2023/06/14

AI Summary

This article discusses the risks related to Personally Identifiable Information (PII) and how to mitigate them for compliance with GDPR. It covers two main risks - stolen credentials and phishing, and lost or stolen storage devices. The article provides steps to prevent these risks, including training users, implementing anti-phishing protection, identifying weak points of security, and having a data breach response plan.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: DATA PROTECTION IN GDPR
Risk-Based Approach for Data Protection in GDPR
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
DATA PROTECTION IN GDPR
Table of Contents
Two Risks Related to PII...........................................................................................................2
Mitigation of Risks to Ensure Compliance with GDPR............................................................2
References..................................................................................................................................4

2
DATA PROTECTION IN GDPR
Two Risks Related to PII
Personally Identifiable Information or PII is any specific information, which is
utilized for tracing or identifying the identity of an individual. The various examples of PII
are name, passport number, account details, phone number, SSN or social security number or
any PIN or personal identification numbers (Tankard 2016). These types of information are
extremely vulnerable to any type of threat. The two risks to PII are as follows:
i) Stolen Credentials and Phishing: This is the most vulnerable risk in PII. The
credentials could be easily stolen and thus phishing occurs. The hackers get the access of the
usernames and passwords of the victims by disguising as the trustworthy entity within
electronic communication (Khonji, Iraqi and Jones 2013).
ii) Lost or Stolen Storage Devices: The second PII risk is the lost or stolen storage
devices like DVDs, USB, hard drives and many more. If these devices are lost or stolen, these
could be easily breached. Moreover, the hackers can even access to the systems.
Mitigation of Risks to Ensure Compliance with GDPR
Although, the above mentioned PII risks are extremely vulnerable, they can be
mitigated with proper risk management and thus the compliance with GDPR can be ensured.
i) Steps for Mitigating Phishing: There are five distinct steps to mitigate the risk of
phishing attacks (Shahriar, Klintic and Clincy 2015). They are as follows:
Step 1: The users should be trained properly.
Step 2: The second step is to filter all the emails and implement an anti-phishing
protection.

3
DATA PROTECTION IN GDPR
Step 3: Frequent backups should be run for keeping the users productive,
Step 4: The fifth step is to deploy data loss prevention solution
Step 5: The final step is to keep the software up to date (Tankard 2016).
All these steps are supposed to mitigate the risk of stolen credentials or phishing.
ii) Steps for Mitigating Lost or Stolen Storage Devices: There are few steps to
mitigate the PII risk of lost or stolen storage devices. The steps are given below:
Step 1: The first step is to mitigate the risk of data breach. Thus the weak points of
security should be identified.
Step 2: The second step is to know about the legal obligations. The users should have
the clear idea of GDPR (Chaudhuri 2016).
Step 3: The technological protections should be considered like disabling the
automatic download option and upgrading passwords regularly.
Step 4: The fourth step is to have a data breach response plan.
Step 5: The final step is to keep an antivirus within the system or storage device.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
DATA PROTECTION IN GDPR
References
Chaudhuri, A., 2016. Internet of things data protection and privacy in the era of the General
Data Protection Regulation. Journal of Data Protection & Privacy, 1(1), pp.64-75.
Khonji, M., Iraqi, Y. and Jones, A., 2013. Phishing detection: a literature survey. IEEE
Communications Surveys & Tutorials, 15(4), pp.2091-2121.
Shahriar, H., Klintic, T. and Clincy, V., 2015. Mobile phishing attacks and mitigation
techniques. Journal of Information Security, 6(03), p.206.
Tankard, C., 2016. What the GDPR means for businesses. Network Security, 2016(6), pp.5-8.

1 out of 5

+13062052269

info@desklib.com

Risk-Based Approach for Data Protection in GDPR

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Cloud Privacy and Security

System Security: Data Breach Attack on eBay and WannaCry Ransomware Attack

Strong Security for Cloud Storage & Data Governance

Yahoo Data Breach Case Assignment

Safe Computing | Presentation

Cyber Security: BYOD Risk Assessment, Certificate-based Authentication, and Anti-phishing Guideline