Penetration Testing for GDPR Compliance
(SaaS for UX designers)

Any business offering goods or services to people means the processing of personal data. Not necessarily it would be user location or religious beliefs, but even the basic fields of name and email are considered as confidential information.

The UX design platform has got under the GDPR regulations and according to Art. 24 GDPR “The controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.” And if the legal team of our client handled the organizational measures, then the company came to us to check its technical compliance and develop the necessary technical measures.

Providing services of penetration testing we worked intensely on personal data access and its protection level. We checked how the rights of the data subject were technically implemented (prohibition of data processing, export, deletion, etc.) and made a list of recommendations on how to make them correctly based on the GDPR.

We continue collaborating and consult the client's team with security tips to make sure the found vulnerabilities are properly approached.