Incident Response in Post-GDPR World
Incident Response has always been a complex activity, requiring a multi-disciplinary approach to ensure proper handling. Although the issues of privacy and personal data protection are not new to incident handlers, the recent European legislation, the General Data Protection Regulation (GDPR), poses additional challenges, while also providing orientation on how those challenges can be overcome. When analyzing a security incident, incident handlers should answer several questions whose answers will either increase or decrease the impact of possible data protection issues. The GDPR itself recognizes the importance of dealing with these issues from the standpoint of risk assessment, and of deciding based on a preponderance of factors. Among the topics to be discussed:
- Cybersecurity data may contain personal data. Handling this sort of data, even in an incident handling context, carries risks;
- The risks should be balanced with the legitimate interests of organizations, in accordance with GDPR (and related legislation);
- Typical use cases and scenarios.