Vulnerability Management

Products

System & Network Scanning

Find vulnerabilities in your entire infrastructure

Web Application Scanning

Find vulnerabilities in your web apps and APIs

Phishing & Awareness Training

Increase resilience against social engineering

Distribution Options

Cloud

Efficient and secure in the cloud

On-premise

Installed in your infra with local storage

Professional services

Success Program

Let our experts help you become successful

Penetration testing

Automated pen-testing

PCI DSS compliance

Meet compliance demands

Vulnerability Management Platform

Holm Security VMP

Take your tour
Solutions

Business needs

Industries

Compliance

Resources
Customers
Pricing
Partner

Information

Partner solutions

About us
Login

Security Center

Organizer

Start your trial account

System & Network Scanning

Systems, IoT, OT, SCADA etc.

Web App Scanning

All web apps and APIs.

Phishing Simulation

Build your human firewall.
Delivery option

Cloud
Delivery option

On-premise
Start your trial account

Pen. testing

Premium support

PCI compliance

Solutions

Resources

Partner

Pricing

About us

Pen. testing

Premium support

PCI compliance

Solutions

Business needs
AWS (Amazon Web Services)
COVID-19
IoT (Internet of Things)
Microsoft Azure
MSSP, MSP & SP (Service Providers)
OT, ICS, SCADA & PLC
SIEM integration
Social Engineering
Threat Intelligence
VAPT
Work from Home (WFH)
Risk Posture & Assessment
Risk-based Vulnerability Management
Industries
Education
Energy sector
Healthcare
Municipality
Retail & e-commerce
Shipping & maritime
Compliance
GDPR
HIPAA
ISO/IEC 27001
NIS
OWASP top 10
PCI DSS
Personal Data Protection Act
Personal Data Protection Bill
PSD2 (Payment Service Directive 2)
RMiT
SOX

Resources

Webinars
Blog
Customers
Support pages

Partner

Information
Become a partner
Partner Solutions
MSSP Partner Program
Managed SaaS

Pricing

About us

Our story
Join us
Management Team
Board
Contact

COMPLIANCE

GDPR

Our right to integrity is a human right. Just as we have the right to lock our front door to protect ourselves from burglars, we have the right to privacy online. We decide whom we want to welcome into our house. The EU Charter of Fundamental Rights stipulates that everyone in the EU has the right to protect their personal data and get access to data collected and the right to have it rectified. But new technology has eroded this human right, and companies continuously collect data for their own purposes.

Challenges

Consistency & increased security

General Data Protection Regulation or GDPR came into force on May 25th, 2018. GDPR aims to create coherence around the management of personal data within the EU. Because data protection is an essential part of GDPR, it has had a significant impact on the importance of protecting personal data, especially from a cyber security perspective.

Continuous evaluation of cyber security

Higher security demands and structured security management are necessary to assure proper personal data protection. Each organization must continuously ensure systems that handle or store personal data. Since most IT environments are a network of computers, servers, etc., interconnected in different ways, organizations must ensure security throughout their entire IT environment.

The seven principles of GDPR

icon book-section blue

Lawfulness, fairness, and transparency

You may only process personal data if you meet the requirements of the law.

icon user-lock blue

Integrity and confidentiality

Personal information must be stored securely, not altered or stolen.

icon database blue

Data minimisation

You may only collect the information that is necessary to fulfill the purpose.

icon crosshairs blue

Accuracy

If you have personal information, you must keep it correct and up to date.

icon trash can clock blue

Storage limitation

Data should not be kept longer than needed and should be deleted.

icon exclamation triangle blue

Purpose limitation

You may only collect personal data for a specified purpose.

icon badge check blue

Accountability

You must be able to prove that you meet all these requirements.

Framework for increased security audits

GDPR requires a combination of technology, processes, procedures, and people working together to guarantee personal data privacy. IT departments need to establish security strategies and use them as a framework to prevent, monitor, and manage any data breaches. This includes developing policies and procedures to train employees to handle data correctly.

  • Establish processes and systems to identify possible signs of intrusions or security irregularities and notify and report these instances.
  • Implement preventive security systems such as firewalls and IDS (Intrusion Detection System).
  • Monitor users with administrator privileges to detect discrepancies or deviant behaviors.
  • Establish security policies that facilitate continuous monitoring of activities to detect irregularities or unauthorized access to personal data.
  • Otherwise, ensure that your organization has sufficient protection for the organization’s network against threats such as unauthorized intrusion, removal, and sharing, as well as copying and attempting to copy information.

Financial fines

British Airways

Lack of security led to hackers stealing information from about 400,000 customers.

British Airways had to pay €3,2 million in financials fines. 

Capio St. Göran

The hospital’s information system was not adequately secured and ignored the principle of minimum access, which gave users full access to all patient data, including sensitive information. 

Capio St. Göran had to pay €22,4 million in financials fines. 

Mariotte

Lack of security led hackers to steal 339 million customers’ data. Thirty-one million were EU residents.

Mariotte had to pay €20,4 million in financial fines. 

Facts about GDPR

  • GDPR (General Data Protection Regulation) is an EU-homogeneous regulation.
  • It has been implemented as a local law in each EU member state and replaced any previous local laws.
  • It was launched across the EU on May 25th, 2018.
  • The legislation aims to create coherence around the management of personal data within the EU and increase security.
  • In the case of a personal data breach, the controller shall, without delay no later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.
  • Penalties for non-compliance are either up to €10 million, or 2% annual global turnover – whichever is higher or up to €20 million, or 4% annual global turnover – whichever is higher. The fines are based on the specific articles of the regulation that has been breached.

Meet laws & recommendations

Strengthen your cyber security defense and ensure compliance with laws and recommendations. Our platform enables you to discover technical and human vulnerabilities, evaluate and prioritize risks, and address vulnerabilities throughout your IT environment.

Take your tour