HTTPCS: European cybersecurity leader

What is GDPR?


The General Data Protection Regulation (GDPR) is the new European regulation that aims to give European citizens control over their personal data. Decided in December 2015, this regulation will apply from 2018 and concerns any company that collects, processes and stores personal data that make it possible to identify a person.



Prepare for GDPR
Challenges and obligations for operators of all sizes



Harmonisation of the regulation: growing concerns


Cyber-risks are international, and their impact and severity evolve much faster than the implementation of good practices in data protection and cyber security. Malicious code authors are more and more skillful at disguising their attacks over the internet, with new threats that are cleverer, more discreet, more diverse and stealthier.



  • In 60% of cases, a few minutes is all it takes for hackers to compromise a system

  • 85% of attacks come from outside

  • 1 out of 10 data thefts is internal

  • 5% of data leaks are accidental

  • 88% of consumers class the protection of their personal data as the number one selection criterion before a purchase



Whether mass cyber attacks or targeted data thefts, these threats expose more and more victims and pose additional risks to competitiveness. Faced with this situation, Europe acted and sought to unify the regulation to protect citizens and web users, who are more and more aware of the problems surrounding the confidentiality of their data. After four years of studies and negotiations, the GDPR ("General Data Protection Regulation") was born. This text, applicable from May 2018, affects all European organizations. They must now adopt tools and procedures.




Protection requirements during the whole life cycle of data


Any data relating to an identified or identifiable person are covered by the GDPR, whatever their intended use. The management of personal data therefore no longer concerns only businesses present on the internet, but any organization and service provider handling HR data, BtoB/BtoC data, IP addresses, mobile information, cookies, etc.
The consent of the citizen to the collection of their data must always be explicit and documented. Organizations must be able to prove, on an ongoing basis and retrospectively, their diligence in protecting this data throughout its lifetime:



  • Collection: Consent traceability
  • Use: Ongoing protection and security
  • Storage: Access authorization
  • Management: Freedom to correct
  • Deletion: Right to be forgotten

Overview, risk evaluation, study and analysis of impacts, encryption, audits, integrity and availability of data, regular control and verification of measures


Proactive actions vs sanctions for operators of all sizes



  • Up to €20 million
  • Up to 4% of the annual turnover

The highest is retained.

Notification following a case of theft or data leak:
  • Within 72 hours for a medium impact
  • Immediately for a high risk

At any time, through precise documentation, the person responsible for the processing must be able to prove the compliance of his/her data and/or its level of compliance, the implementation of regular controls, and the identified mechanisms, including but not limited to the following:



  • Encryption
  • Management of identifiers
  • Proactive security of the collection technologies
  • Protection of the database management systems
  • Proactive detection and correction of security flaws
  • Cyber Vigilance and update of vulnerabilities
  • All stakeholders receive communication, awareness and training
  • Taking every sign of failure into account and correcting it quickly (incident response, etc.)

