We'll discuss the different design aspects to be considered when developing and maintaining enterprise APIs. We will move across the different layers of security to ensure properly holistic coverage: logging, traps, anomaly detection, rate limits, secure deployment, CI/CD, tokenization, fraud detection and more. We will also talk about API gateways from a security point of view. This should help you better understand the requirements for properly securing your APIs.
Laws have generally provided for the protection of personal data within penal laws, civil laws, child laws, and central bank laws. Recently, specifically in 2016, the General Data Protection Regulation (GDPR) was born, and it entered into force in 2018. The GDPR is the strictest personal data protection regulation in the world, owing to its critical details and heavy fines; tech giants have recently been among its biggest victims, receiving heavy fines for breaches of its provisions.
Since then, data protection laws have become the talk of the hour and the most important file on the table of governments, parliaments, and even companies.
Governments began enacting laws to protect personal data, and companies began to pay close attention to governance and compliance with data protection laws.
The paper will focus on personal data protection laws in two ways:
1- The first aspect is the governance and compliance procedures required of companies, especially startups that seek to expand into many countries.
2- The second aspect is the procedures countries need in order to ensure the proper application of personal data protection laws, and the amendments to be added, in addition to cooperation protocols between countries, some of which are within the scope of cross-border data.
The importance of the paper for startups is that they are interested in rapidly expanding the same business model without looking at data protection laws in other countries. For example, financial technology companies under the supervision of the Central Bank fall outside the scope of application of the Egyptian Personal Data Protection Law, but when they expand to another country, they may find that the same model falls under the data protection laws of that country. In addition, there is the judicial scope of application of the European Regulation to companies that expand into European countries or deal with the data of EU citizens.
The paper will come up with recommendations, within the scope of the startups' vision, on their ability to comply with the data protection law in Egypt or their departure from the scope of its application in other countries, and on the extent to which companies can reconcile internal data protection laws with those of other countries while building their own business model.
Finally, the proposed amendments to data protection laws are in accordance with the state's vision to support the digital economy.
Adham has more than 14 years of cyber security contribution to the community. He came from a computer engineering background, scientific research and deep passion for development. He holds a MEng in Cybersecurity. He led many penetration testing, application security and forensics engagements. Through 9 years of enterprise security consultation, he acquired strong experience in guiding enterprise companies and government sector towards a better, resilient information security strategy.