
Get your security controls ready for GDPR, to help you to achieve compliance

There is now less than a month to go before the EU General Data Protection Regulation goes live on the 25th of May 2018, and many of us are still busy preparing processes, procedures and technical security controls to ensure compliance with the new regulation.

In this NNIT Security Insights article, we take a quick look at some of the security controls that will help organizations comply with the EU GDPR.

A security control is a safeguard implemented to minimize security risks to, for example, electronic information stored in a system. For EU GDPR, the following four security controls should be considered:

  • Data Protection: Ensures that data is protected against loss of Confidentiality, loss of Integrity or loss of Availability. This control covers a number of areas, such as access control, encryption, data backup, and system availability.

  • Access Control: Ensures that only authorized persons with a business need are able to access personal data.

  • Data Retention: Ensures that data is retained for as long as there is a legal basis for retaining it, and no longer.

  • Logging & Monitoring: Ensures that access to data is monitored and logged, which assists in demonstrating compliance, and also assists in the event that there is a data breach.

Where to start?

A good place to start is to assess your existing security controls against each of the controls listed above, which will enable any gaps to be identified.
Once the gaps have been identified, a roadmap of activities needed to close the gaps can be developed and implemented.

Do you have anything to add? Do you think anything is missing? Please let me know and share your comments!

About the Author

John Clayton is an IT Management Consultant and Cybersecurity Specialist with more than 20 years’ experience in IT and Management Consulting, and with roles bridging Business and IT.

About NNIT Security Insights

NNIT Security Insights is a regular column where prominent NNIT IT security advisors share their thoughts on current and future IT security challenges and how to deal with them.

NNIT has its own Cyber Defense Center. If lightning strikes, we have the necessary competencies in-house to respond and assist. We have also developed a range of services that can help businesses to achieve the right level of security protection to protect the business from financial and reputational damage.

You are welcome to contact us at if you want to know more about how NNIT can help your business increase its information security level.



Helge Skov Djernes
Information Security Management Consultant
+45 30758868
hfsd@nnit.com


