Cyber Threat Intelligence and GDPR will be spotlighted at a workshop held by Bertin IT in collaboration with Olivier Iteanu, a lawyer specialized in digital law, at Assises de la Sécurité et des Systèmes d’Information – an information security and systems trade fair – in Monaco from October 10 to 13.
The General Data Protection Regulation which came into force on May 25, this year, laid down the law for the entire digital economy. Caught between imagination and reality, firms find hard to see the true picture and sometimes give way to panic. “The GDPR should be considered more calmly,” recommends Mr. Olivier Iteanu, an attorney at Paris Appeal Court and honorary president of Internet Society France. This digital law specialist has heard innumerable stories of panic-stricken behavior triggered by the new regulation. Some firms even wondered whether they should delete their staff registers! As the heart of their worries, it often thought that the GDPR boils down to obtaining users’ consent for the processing of their personal data. But “that isn’t the only legal criterion,” points out Mr. Iteanu. “It’s just one of six.”(1)
In fact, the Regulation does allow for the case of processing without prior consent on the grounds of the “legitimate interests” of the data controller. This notably covers the cyber threat intelligence (CTI) operations where searches for data breaches and fraudulent activity threatening the firm’s assets may justify recourse to those steps. Care should be taken, however, as the legal provisions do not define any criteria for those “legitimate interests”.
So what does all this really mean in practice? What are the red lines we mustn’t overstep? Answers will be provided on the basis of use cases presented by Marc Lionti, Director of CTI Services at Bertin IT and explanations from Mr. Olivier Iteanu.
Time and place: Friday, 12 October 2018
from 11 to 11.45 a.m. in the Bosio 2 room
You will also find Bertin IT on stand number 4 in the Hexatrust area.
(1)The other five legal criteria are necessity for the performance of a contract, legal obligation, vital interests, legitimate interest and general interest.
(2) ICANN is the world authority for the management of internet domain addresses and names, based in California, USA.