GDPR for Developers is a focused and practical course that gives developers the essential knowledge to ensure that they are able to design applications that meet GDPR requirements.
We designed our software security training to meet the agile needs of today’s modern organizations, with adaptive courseware that can be tailored to meet the learning goals of individual students. Whether you are trying to reach compliance or raise security standards across an organization, our training is flexible enough to meet your educational needs.
See a full catalogue of Security Compass software security training courses here.
SD Elements, a policy-to-execution platform for security and compliance, enables organizations to rapidly and efficiently deliver technology that’s secure by design. It provides tailored security advice for each phase of the software development lifecycle. These solutions simplify GDPR compliance by using a series of tasks and reports that can be assigned to developers, and monitored for completion. We’ve created a guide that explains how SD Elements can help incorporate Data Protection by Design and Default into software development.
SD Elements translates GDPR’s complex requirements into readable guidance and code samples for software architects and engineers. SD Elements provides more than just a static translation—it’s a dynamic system that is contextually aware of the specific requirements and tech stack for an application.
GDPR is complex and touches on virtually all aspects of an organization's operations, including technical practices that are beyond the scope of knowledge for many employees tasked with enforcing the new regulations. Software architects and engineers understand the technical details of application development, but are not necessarily familiar with the details of GDPR. SD Elements is a painless and efficient way of reconciling complex GDPR policies with development procedures.
GDPR is a dense document with a lot of legal language about privacy. Many people don’t understand it.
Architects and engineers know the technical details of the application or software. How can you reconcile the two?
SD Elements is the only solution on the market that translates the complex privacy and legal requirements from this massive document into something that software engineering organizations can actually use.
SD Elements is contextually aware, customizable, extensible, scalable, and fully-primed for DevOps with ALM and Scanner integrations.
Article 25 - Data Protection by Design and Default
“The controller shall...implement appropriate technical and organisational measures...which are designed to implement data-protection principles...in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”
“The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed...Such measures shall ensure that by default personal data are not made accessible without the individual’s intervention...”
In other words, the controls outlined in GDPR must be built into the systems that process any personal data, such that full privacy is the default state of these systems.
Organizations will struggle to determine how to implement GDPR controls, and also to prove that they have employed secure development practices and that these controls are working. Another major challenge will be finding a way to incorporate these practices into rapid release cycle development methodologies such as Agile and DevOps.
Enter SD Elements
SD Elements provides a library of controls for organizations to implement GDPR compliance.
SD Elements issues tasks that serve as instructions for protecting against a vulnerability at various stages corresponding to the phases of software development. They’re procedures for solutions or tests that improve an application’s security and compliance with established standards, like privacy and GDPR.
SD Elements can help implement new features in software systems that GDPR requires, such as:
SD Elements also features robust tracking, logging and reporting capabilities, so it’s easy to prove that GDPR controls have been implemented and validated to be working correctly.
SD Elements by Security Compass is the world’s leading policy-to-execution platform for security and compliance. SD Elements features a comprehensive set of requirements and tasks covering 32 of the 99 articles in GDPR. The content has been produced by our own team of expert application security researchers. See what we cover in the table below.
Principles relating to processing of personal data
Lawfulness of processing
Conditions for consent
Conditions applicable to child's consent in relation to information society services
Processing of special categories of personal data
Rights of the data subject
Transparent information, communication and modalities for the exercise of the rights of the data subject
Information to be provided where personal data are collected from the data subject
Right of access by the data subject
Right to rectification
Right to erasure ('right to be forgotten')
Right to restriction of processing
Right to data portability
Right to object
Automated individual decision-making, including profiling
Controller and processor
Responsibility of the controller
Data protection by design and by default
Records of processing activities
Security of processing
Notification of a personal data breach to the supervisory authority
Communication of a personal data breach to the data subject
Data protection impact assessment
Codes of Conduct
General principle for transfers
Transfers on the basis of an adequacy decision
Transfers subject to appropriate safeguards
Binding corporate rules
Derogations for specific situations
Provisions relating to specific processing situations
Processing in the context of employment
Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
What Is GDPR?
The General Data Protection Regulation passed by the EU is a "Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC."
It comes into effect on May 25, 2018.
Penalties and Fines for Noncompliance are Strict
As detailed in Article 83:
"Infringements of the following provisions shall ... be subject to administrative fines up to 20,000,000 EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher"
To Whom Does GDPR Apply?
In the broadest sense, any organization that is processing personal data of residents of the European Union must comply with GDPR, even if they are not physically located within the EU. Data subjects are defined as “residing in the Member state,” or are EU residents (Article 3, Territorial Scope), but don’t have to be EU citizens. GDPR applies to any processor/controller that processes their data, even if the organization in question is not physically in the EU. As specified in Article 3, “This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union.”
GDPR Main Features
The European Union introduced GDPR to drastically improve the security and privacy of its residents. GDPR Recitals, Articles and Controls generally fall into one of the categories below.