CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Request a Demo

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Request a Demo
Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP
Perspectives

How PCI Compliance Can Help Toward GDPR Compliance

September 19, 2018 1 minute read Alex Norell

Sessions discussing the upcoming European Union General Data Protection Regulation (GDPR) at the recently held Payment Card Industry (PCI) Security Standards Council EMEA Community Meeting in Barcelona, Spain were packed.

While the GDPR and the PCI Data Security Standard (PCI DSS) are two very different and separate compliance standards, there are key intersections that warrant deep examination.

The PCI DSS is a mature compliance standard addressing the protection and security of cardholder data. If you are subject to the PCI DSS, the information in your cardholder data environment is subject to regulation by GDPR. If you are compliant with the PCI DSS, you are meeting the baseline security control standards of the GDPR. Your challenge will be to ensure that you are implementing equivalent controls for other areas of your organization and network that interact with data, beyond just cardholder information.

Click here to watch an on-demand webinar about the GDPR and how to address it.

Key Challenges in Extending PCI DSS-like Security Controls

If you are PCI DSS compliant, you should have a head start on implementing the kinds of data security best practices and controls that the GDPR requires. A key challenge, however, is that in most organizations it will be different teams who are responsible for these tasks. And, GDPR requirements actually extend to the organization as a whole.

GDPR Processes and Procedures

GDPR goes well beyond security controls in defining how personal data must be collected, processed and stored. There are six principles for GDPR, and security controls are focused in only one of these:

1) Personal data must be processed lawfully, fairly and transparently.

2) Personal data is collected for specific, explicit and legitimate purposes.

3) Personal data collected is relevant and limited to what is necessary for processing.

4) Personal data must be accurate and kept up to date.

5) Personal data must be kept in a form such that the data subject can be identified only as long as is necessary for processing.

6) Personal data must be processed in a manner that ensures its security.

To make sure you are developing a strategic approach to your GDPR compliance, partner with an organization that can help you holistically address the scope of the GDPR through tailored services.

Alex Norell is director of compliance and risk services for EMEA and APAC at Trustwave.

Latest Trustwave Blogs

Effective Cybersecurity Incident Response: What to Expect from Your MDR Provider

Companies engage with a managed detection and response (MDR) provider to help ensure they detect cyber threats before they do any damage. The "response" part of the MDR moniker is key to that effort,...

Read More

The Power of Red and Purple Team Drills in Enhancing Offensive Security Programs

Despite investing in costly security solutions, keeping up with patches, and educating employees about suspicious emails, breaches still occur, leaving many organizations to wonder why they are...

Read More

Balancing Innovation and Security: How Offensive Security Can Help Navigate the Tech Industry’s Dual Challenges

Two of the greatest threats facing technology-focused organizations are their often-quick adoption of new technologies, such as artificial intelligence (AI), without taking security measures into...

Read More