Today we announced two major partnerships that will help us bring Matchlight’s data intelligence capabilities further into the European market. MMOX, based in The Hague, and adyton, based in Munich, both bring deep experience providing intelligence to European enterprises in the Netherlands, Germany, Austria, Switzerland, Belgium, Luxembourg, and beyond. We are excited to partner with both organizations to help bring Matchlight’s dark web insights to European organizations.
The dominant news for European information security this year is, obviously, GDPR, or the General Data Protection Regulation. GDPR is an immense new law that takes effect this spring for any business that operates within the European Union. It is a complex and far-reaching law that pushes businesses to adopt best practices in securing personal data and to be forthcoming and transparent about data breaches. It puts harsh penalties in place for non-compliance, including massive fines of up to 4% of global annual turnover. It also expands the definition of personal data and holds accountable not only primary data controllers, but also the contractors with whom they deal to process that data.
To us, GDPR represents a template for improving security across the entire internet, and other governments around the world should (and likely will) follow suit in the coming years. It creates accountability for companies like Equifax that collect personal information of individuals but have little incentive to properly secure it, since those individuals affected by the breach are not, in fact, their customers. This situation—common in today’s data-driven internet economy—creates the perfect example of an externality requiring regulatory intervention, and we and others have been calling on governments to further employ regulatory solutions to help make the internet more secure.
In the meantime, there are two aspects of GDPR that we find most interesting. First, the regulation requires companies to employ industry best practices in securing data and in monitoring (and promptly disclosing) data breach activity. Obviously, dark web monitoring and intelligence about specific personal data held by a company are key elements of a state-of-the-art information security posture. However, GDPR contains a catch: sharing that sensitive personal data for intelligence purposes can potentially open up an organization to further liabilities under GDPR itself, since liabilities extend beyond data controllers themselves to contractors that process data on their behalf.
This is where Matchlight’s patented data fingerprinting technique comes in handy. Our method is perfectly positioned to be able to provide European (and other) organizations intelligence on their specific data on the dark web, a key element of GDPR compliance, all without opening them up to further liability. It’s the perfect pairing, and we’re excited to get it out into the European market in time for GDPR to take effect.
We’ll be writing a lot more this year about the European market and about GDPR, so stay tuned! À bientôt!