Threat Information Sharing Under GDPR
The General Data Privacy Regulation (GDPR) is intended to protect the fundamental rights of EU data subjects. However, where GDPR intersects with cybersecurity is little understood. This, in turn, has undermined threat information sharing as an essential tool for combating cyberattacks, including attacks engineered by criminal and terrorist organizations, and Nation States.
As cyberattacks continue to increase in number and sophistication, threat information sharing may (and should) be employed by banks, brokers, insurance carriers, and other areas of critical infrastructure to identify vulnerabilities and prevent the spread of successful cyberattacks to other organizations.
Rick Borden and Josh Mooney address threat information sharing and discuss why it is lawful under GDPR in their article Threat Information Sharing Under GDPR.