{"id":64,"date":"2018-06-24T11:39:00","date_gmt":"2018-06-24T16:39:00","guid":{"rendered":"https:\/\/coopercain.com\/?p=64"},"modified":"2021-12-09T12:29:05","modified_gmt":"2021-12-09T17:29:05","slug":"why-do-security-groups-seem-to-have-issues-complying-with-the-new-gdpr","status":"publish","type":"post","link":"https:\/\/coopercain.com\/?p=64","title":{"rendered":"Why Do Security Groups Seem to Have Issues Complying With the new GDPR?"},"content":{"rendered":"\n<p>The new European Union Privacy Regulations, fondly known as the GDPR (EU-2016\/679), took effect in late May, 2018. If you listened to some crime fighters, we would all be dead by now as the criminals would have taken over the world. And the Internet. We at the APWG try to reduce the amount of phishing and fraud on the internet. We have been working on understanding and preparing for compliance with the GDPR for over a year. It\u2019s hard to understand, has lots of details to comply with, but it is definitely not the world-ending event some have imagined.<\/p>\n\n\n\n<p>If the regulation is so exacting, why is compliance so hard? From personal experience, many organizations\u2019 legal and compliance teams are overworked; when new regulations appear, the teams hope that there is also some guidance on how to comply and how soon \u2013 or a hint as to how severe non-compliance will be. (If you don\u2019t agree with me, you\u2019ve never worked in a legal or compliance team.) So I\u2019m taking a wild stab here, but from my experience there are three large issues:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Not all data sharing is contract-based nor covered by \u201cbinding corporate rules\u201d as defined in the GDPR. The APWG\u2019s Data Sharing Agreement (DSA) \u2013 a contract \u2013 was put in place to specify what parties taking our datasets could do with them. It made the sharing-field very level \u2013 everyone who sent us data or took data knew exactly the boundaries of what they could do with the data. 
Many data sharing organizations, both formal and informal, are not contract-based and now need to quickly develop contracts.<\/li><li>When new regulations arrive, there is an amount of guesswork to figure out how to minimally comply with them. Most organizations do not want to violate the law, but new laws require new thinking, new paperwork, new processes on how to comply with them. The EU and its members have not been very forthright in specifying how an organization could minimally or consistently comply with the regulation.<\/li><li>The regulation has onerous enforcement provisions. Although the EU or its members may not attack non-compliant organizations on day one, the regulation allows any EU natural person to bring enforcement action by themselves upon an organization. The volume and expense of these actions are all unknown, making the previous bullet even harder.<\/li><\/ol>\n\n\n\n<p>Just my thoughts, but I bet I\u2019m close to the target.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The new European Union Privacy Regulations, fondly known as the GDPR (EU-2016\/679), took effect in late May, 2018. If you listened to some crime fighters, we would all be dead by now as the criminals would have taken over the world. And the Internet. 
We at the APWG try to reduce the amount of phishing &hellip; <a href=\"https:\/\/coopercain.com\/?p=64\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Why Do Security Groups Seem to Have Issues Complying With the new GDPR?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,6,7],"tags":[],"class_list":["post-64","post","type-post","status-publish","format-standard","hentry","category-apwg","category-data-sharing","category-goverance"],"_links":{"self":[{"href":"https:\/\/coopercain.com\/index.php?rest_route=\/wp\/v2\/posts\/64","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coopercain.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coopercain.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coopercain.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/coopercain.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=64"}],"version-history":[{"count":1,"href":"https:\/\/coopercain.com\/index.php?rest_route=\/wp\/v2\/posts\/64\/revisions"}],"predecessor-version":[{"id":65,"href":"https:\/\/coopercain.com\/index.php?rest_route=\/wp\/v2\/posts\/64\/revisions\/65"}],"wp:attachment":[{"href":"https:\/\/coopercain.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=64"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coopercain.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=64"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coopercain.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=64"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}