The GDPR Impact on Cybersecurity Information Sharing Discussed in ISAO Hot Topic Spotlight

SAN ANTONIO (July 26, 2018) — The Information Sharing and Analysis Organization Standards Organization (ISAO SO) hosted its third ISAO Ecosystem Spotlight webinar on July 25 on the topic of how the General Data Protection Regulation could impact cybersecurity information sharing efforts with Norma Krayem, senior policy advisor and global chair, Holland & Knight Cybersecurity & Privacy Team.

Krayem initially provided an overview of the EU’s GDPR, which became effective in May 2018. She explained that the EU Commission’s primary goal with the GDPR is to simplify the regulatory environment for international businesses around privacy and security by unifying the regulations within the EU. Krayem went on to explain that penalties for non-compliance could include fines of up to the greater of 4 percent of global gross revenue or more than $20 million.

In addition to highlighting five basic tenets of focus for the EU, Krayem shared insights into how the GDPR impacts information sharing organizations and vendors. She emphasized the need for each individual and organization to understand the definitions of a “Controller” and a “Processor”, since ISAOs are inherently both. Whether an ISAO has data from one source or many, any entity with EU data, including ISAOs, must comply with GDPR. She added that there is a need for harmonizing global rules of engagement in relation to cyber information sharing and that the GDPR rules also mean that clear structures, protections and requirements need to be in place for the ISAO and all of its vendors.

Krayem acknowledged that there are challenges of GDPR and cyber information sharing, but that ISAOs need to know the basic definitions of personal data, issues around consumer consent and EU law enforcement exemptions.

Following the GDPR discussion with Krayem, the Vendor Spotlight was led by Wapack Labs’ Chief Intelligence Officer Jeff Stutzman. Wapack Labs continued the discussion on GDPR with how information sharing organizations can transform their cybersecurity with the right intelligence and tools. Stutzman shared a ransomware cyber story, explaining what happened in connection with GDPR and how it was solved.

The July ISAO Ecosystem Spotlight webinar is part of a new bi-monthly webinar series that launched in March 2018 to engage the greater information sharing community and provide alternating topics of interest, from Hot Topics to Technical Spotlights. The webinars are open to the entire information sharing community, and registration for the webinars is free.

The presentation recording is available in the Past Events section of isao.org. Questions regarding the presentation can be directed to Krayem at Norma.Krayem@hklaw.com or Stutzman at Jeff.Stutzman@wapacklabs.com.