Risk-Based Approach to Data Protection and GDPR Compliance

Added on 2023/06/14
AI Summary
This report provides an overview of a risk-based approach to data protection within the framework of the General Data Protection Regulation (GDPR). It identifies two primary risks related to Personally Identifiable Information (PII): stolen credentials and phishing attacks, as well as lost or stolen storage devices. The report details mitigation strategies for each risk, including user training, email filtering, frequent backups, data loss prevention solutions, and software updates to combat phishing. For lost or stolen storage devices, the mitigation steps involve identifying security weak points, understanding legal obligations under GDPR, implementing technological protections like disabling automatic downloads and regularly updating passwords, developing a data breach response plan, and using antivirus software. The report emphasizes the importance of these risk management strategies to ensure compliance with GDPR and protect sensitive personal data.
Running head: DATA PROTECTION IN GDPR
Risk-Based Approach for Data Protection in GDPR
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Two Risks Related to PII 2
Mitigation of Risks to Ensure Compliance with GDPR 2
References 4
Two Risks Related to PII
Personally Identifiable Information (PII) is any specific information that can be used to trace or identify an individual. Examples of PII include a person's name, passport number, account details, phone number, Social Security number (SSN) and personal identification numbers (PINs) (Tankard 2016). Such information is highly exposed to many kinds of threat. Two risks to PII are as follows:
i) Stolen Credentials and Phishing: This is the most serious risk to PII. Credentials can be stolen easily, and phishing is a common way of stealing them: attackers obtain victims' usernames and passwords by disguising themselves as a trustworthy entity in electronic communication (Khonji, Iraqi and Jones 2013).
ii) Lost or Stolen Storage Devices: The second PII risk is lost or stolen storage devices such as DVDs, USB drives and hard drives. If such a device is lost or stolen, the data on it can easily be breached, and attackers may even use it to gain access to the systems it belonged to.
Mitigation of Risks to Ensure Compliance with GDPR
Although the PII risks described above are serious, they can be mitigated through proper risk management, and compliance with GDPR can thereby be ensured.
i) Steps for Mitigating Phishing: There are five distinct steps for mitigating the risk of phishing attacks (Shahriar, Klintic and Clincy 2015). They are as follows:
Step 1: Users should be trained properly.
Step 2: All emails should be filtered and anti-phishing protection implemented.
Step 3: Frequent backups should be run to keep users productive.
Step 4: A data loss prevention solution should be deployed.
Step 5: Software should be kept up to date (Tankard 2016).
Together, these steps mitigate the risk of stolen credentials and phishing.
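Step 4 calls for a data loss prevention (DLP) solution, and the opening section lists the kinds of PII (SSN, phone number, passport number) that such a solution has to recognise. The following added example, which is not part of the original report, shows the core of a simple DLP gate for outbound email: it scans a message for PII patterns, masks what it finds, and decides whether the message may leave the organisation. The regular expressions, the sample message, the `example.com` internal domain and the decision labels are all constructed assumptions for illustration; a production DLP product would use far richer detectors.

```python
import re

# Regexes for three of the PII types named in the report. The formats are
# assumptions for this example: a US-style SSN, a North American phone
# number, and a 9-digit passport number written next to the word "passport".
PII_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"(?<!\d)(?:\+1[ -])?\(?\d{3}\)?[ -]\d{3}-\d{4}\b"),
    "passport": re.compile(r"\bpassport\b\D{0,10}(\d{9})\b", re.IGNORECASE),
}

# Constructed sample message containing all three PII kinds.
SAMPLE_MESSAGE = (
    "Hi, my SSN is 123-45-6789 and you can call me at (555) 123-4567. "
    "Passport: 987654321."
)


def find_pii(text):
    """Return (kind, value, start, end) for every PII hit, ordered by position."""
    hits = []
    for kind, pattern in PII_PATTERNS.items():
        # When the pattern has a capture group (passport), report only the
        # captured number rather than the surrounding label text.
        group = 1 if pattern.groups else 0
        for match in pattern.finditer(text):
            hits.append((kind, match.group(group), match.start(group), match.end(group)))
    hits.sort(key=lambda hit: hit[2])
    return hits


def redact(text):
    """Mask each PII value, keeping its last four characters for reference.

    Replacements are applied from the end of the string backwards so that
    earlier offsets stay valid while the text shrinks or grows.
    """
    masked = text
    for _kind, value, start, end in sorted(find_pii(text), key=lambda hit: hit[2], reverse=True):
        mask = "*" * (len(value) - 4) + value[-4:]
        masked = masked[:start] + mask + masked[end:]
    return masked


def dlp_decision(body, recipient, internal_domain="example.com"):
    """Decide what an outbound-mail DLP gate should do with a message.

    Returns (action, kinds): "allow" when no PII is present, "allow-and-log"
    when PII stays inside the assumed internal domain, "block" otherwise.
    """
    kinds = sorted({kind for kind, *_ in find_pii(body)})
    if not kinds:
        return "allow", kinds
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain == internal_domain:
        return "allow-and-log", kinds
    return "block", kinds


if __name__ == "__main__":
    for kind, value, start, end in find_pii(SAMPLE_MESSAGE):
        print(f"{kind:9s} {value!r} at {start}-{end}")
    print(redact(SAMPLE_MESSAGE))
    print(dlp_decision(SAMPLE_MESSAGE, "colleague@example.com"))
    print(dlp_decision(SAMPLE_MESSAGE, "someone@external.invalid"))
```

The decision function deliberately separates detection from policy: the same `find_pii` output feeds both the masking used for logging (so the security team's own logs do not become another PII store) and the allow/block choice, which is where an organisation encodes its GDPR-driven rules about which recipients may receive personal data.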
ii) Steps for Mitigating Lost or Stolen Storage Devices: A few steps mitigate the PII risk of lost or stolen storage devices. They are given below:
Step 1: The first step is to reduce the risk of a data breach; to do so, the weak points in security should be identified.
Step 2: The second step is to know the legal obligations: users should have a clear understanding of GDPR (Chaudhuri 2016).
Step 3: Technological protections should be considered, such as disabling the automatic download option and updating passwords regularly.
Step 4: The fourth step is to have a data breach response plan.
Step 5: The final step is to keep antivirus software on the system or storage device.
References
Chaudhuri, A., 2016. Internet of things data protection and privacy in the era of the General
Data Protection Regulation. Journal of Data Protection & Privacy, 1(1), pp.64-75.
Khonji, M., Iraqi, Y. and Jones, A., 2013. Phishing detection: a literature survey. IEEE
Communications Surveys & Tutorials, 15(4), pp.2091-2121.
Shahriar, H., Klintic, T. and Clincy, V., 2015. Mobile phishing attacks and mitigation
techniques. Journal of Information Security, 6(03), p.206.
Tankard, C., 2016. What the GDPR means for businesses. Network Security, 2016(6), pp.5-8.