Penetration testing is one example of a ‘stress test’, which is designed to reveal areas of potential risk and things that you can improve on your IT systems and network.
In some industries, you are required to undertake tests of security measures on a regular basis. The GDPR now makes this an obligation for all organisations. Importantly, it does not specify the type of testing, nor how regularly you should undertake it. It depends on your organisation and the personal data you are processing.
You can undertake testing internally or externally. In some cases it is recommended that both take place.
Whatever form of testing you undertake, you should document the results and make sure that you act upon any recommendations, or have a valid reason for not doing so, and implement appropriate safeguards. This is particularly important if your testing reveals potential critical flaws that could result in a personal data breach.
Email firstname.lastname@example.org to discuss how we can help you.