As the threat of privacy litigation or regulatory enforcement action increases (albeit mostly outside of the UK), pen-testing cybersecurity controls is a valuable tool to evaluate privacy programme effectiveness. While similar to cybersecurity pen-testing, privacy pen-tests are different because they simulate how a law firm, consumer group or data protection authority investigates and litigates potential areas of privacy non-compliance. In this article, the IAPP writes that pen-testing includes identifying key elements of compliance in a company's privacy programme to test, deciding what applications fall within the scope of the exercise and reporting findings "in the form of privileged legal memorandums that outline the factual findings, legal analyses and recommendations."
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
