Light

circl / compliance Goto Github PK

View Code? Open in Web Editor NEW

61.0 14.0 12.0 2.44 MB

Legal, procedural and policies document templates for operating an IRT

License: GNU Affero General Public License v3.0

gdpr legal csirt-activities privacy-notice privacy incident-response

compliance's Introduction

legal compliance and CSIRT activities

This repository contains information and materials to support CSIRT activities and especially regarding legal compliance.

GDPR and privacy-related activities for CSIRTs

Slides

Slides - CSIRT and GDPR workshop 7th May 2018

FAQ

General FAQ

Privacy notices for CSIRT services

Privacy notice for OpenPGP keyserver
Generic Privacy notice - CIRCL - privacy notice in Markdown format reusable under the terms of the Creative Common Attribution 4.0 International (CC BY 4.0) license.

Additional documents

MISP and information sharing

Analysis Information Leak framework (AIL) and MISP

AIL information leaks analysis and the GDPR in the context of collection, analysis and sharing information leaks - PDF version

CSIRT tooling

CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools

Acknowledgement

This work is co-financed by the European Union under the CEF grant 2016-LU-IA-0098 and CIRCL. Thanks to all the contributors who helped by providing feedback, issues and documents.

compliance's People

Contributors

Stargazers

Watchers

Forkers

rdincel1 jack51706 circlsupportuser aaronkaplan hackerflair govcert-lu haam3r benhe119 todun seclab-int-dev-group hefedev supaket

compliance's Issues

GDPR/AIL

Good stuff, thanks.

A couple of things that strengthen your argument. First, the Legitimate Interests basis allows you to include the Interests of third parties, too, so if you plan to notify organisations or individuals about leaks of their information then that strengthens the argument for processing the personal data in the first place. See, for example, p.28 of Article 29 Opinion 06/2014 on Legitimate Interests and section 4.1.1 of my paper on Incident Response and the GDPR

There's also an argument, I think, that planning to notify individuals (either directly or via relevant third parties) of leaks supports the Article 14 (qualified) requirement to notify. Again that should make the argument in favour of processing stronger.

Andrew

Mistake in a slide

https://github.com/CIRCL/compliance/blob/master/gdpr/workshop-materials/02-DS_CIRCL_2016-LU-IA-0098_slide_workshop_data_science_2018.05_v1.3.pdf

on page 4 lists "Not legal person" as a requirement to be a data subject. This should obviously be "Legal person"

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.