GDPR Outlaws Penetration Testing

by Brent Kirkpatrick

(Date Published: .)

Under new laws for data governance, penetration testing is effectively illegal.

The European Union's General Data Protection Regulation (GDPR), implemented in May 2018, effectively outlaws penetration testing. Any network that stores data belonging to E.U. citizens falls under GDPR. This means that even if the network resides in the U.S., the E.U. is able to fine companies for violations.

GDPR has specified that E.U. citizens must opt in to specific uses of their data. This means that if your network contains data belonging to E.U. citizens, each person would have to opt in to each penetration test.

For those of you who employ penetration testing, you may be trying to find ways to continue while respecting GDPR. Please recall that penetration testing has the goal of obtaining administrative access to systems by means of hacking. In some cases penetration testers even demonstrate that they can exfiltrate data (i.e., by copying data that they were not given permission to access). Both the access to and the exfiltration of data belonging to E.U. citizens are forbidden, even in the context of penetration testing.

The data minimization ideas built into GDPR require that access to personal data is limited to people that need to process the data. Since penetration testers are not necessary for data processing, and presumably the owners of the data were not told about the penetration testing, there is no opportunity for the consent required under GDPR.

Please avoid penetration testing on systems that store data belonging to E.U. citizens.

Please contact us at Intrepid Net Computing if you need solutions to cyberattacks that do not involve penetration testing.

© 2015-2023 Intrepid Net Computing. All rights reserved.