Build GDPR Compliance into Your Applications with IriusRisk
Back in June I wrote some practical guidance on GDPR and application security and made the following comments:
…..as many applications we develop have commonalities, we are able to create architectural risk patterns that can be applied to other applications.
The key to simplification is to break down the application into individual architectural patterns – for example the registration form – and then ask ourselves pertinent questions in relation to GDPR requirements.
Within our IriusRisk Threat Modeling platform we have done the hard work for you. If you indicate that your application will process PII and that this data relates to data subjects within the EU, then GDPR standards and risk patterns will be applied.
IriusRisk does not simply import the entire GDPR Standard and overwhelm security and development teams, but rather applies specific GDPR security requirements relevant to the service you are building.
For example, it’s only useful to import GDPR requirements relating to a user interface if your service includes one. IriusRisk ensures this is the case and only those measures that make sense are recommended.
The auto-generated GDPR requirements can be viewed by security teams and auditors within IriusRisk and can be uploaded to issue-trackers for developers to implement during the build process.
Communication between IriusRisk and issue-trackers is bi-directional, allowing security teams and auditors to observe current adherence to, and progress of, GDPR compliance in near real-time. This has the additional benefit of facilitating communication between the relevant stakeholders.
The simplicity of this process is illustrated in the video below: