topic GDPR and Data Privacy compliance in Privacy https://community.isc2.org/t5/Privacy/GDPR-and-Data-Privacy-compliance/m-p/48238#M1383 <P>&nbsp;</P><P>We see there are some security and privacy consumer products in the market like Dark Web Monitoring, Credit Monitoring products, Social Media Monitoring products, Identity Theft Preventing Systems etc.</P><P>&nbsp;</P><P>Oftentimes, for all these products and services- security product offering companies outsourcing with few other third party threat intelligence companies like 4IQ, TRAPX etc.&nbsp;</P><P>&nbsp;</P><P>I have noticed Company X shares PII /PCT-DSS data of their customers with their TP partners and outsourced companies, of course with customer consent to provide the service.</P><P>&nbsp;</P><P>Does it fall under any other GDPR (let's say this is a global product offering)? What precautions should be taken from the product offering company point of view?&nbsp;</P><P>&nbsp;</P><P>For instance if company X shares all the profile pictures of it's customers with a TP Threat intelligence company to identify&nbsp;impersonators or fake accounts, does it pose any threat to Company X from privacy and data protection compliance or legal obligation point of view?</P><P>&nbsp;</P><P>your suggestions and thoughts much appreciated.</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 09 Nov 2021 11:01:28 GMT iluom 2021-11-09T11:01:28Z GDPR and Data Privacy compliance https://community.isc2.org/t5/Privacy/GDPR-and-Data-Privacy-compliance/m-p/48238#M1383 <P>&nbsp;</P><P>We see there are some security and privacy consumer products in the market like Dark Web Monitoring, Credit Monitoring products, Social Media Monitoring products, Identity Theft Preventing Systems etc.</P><P>&nbsp;</P><P>Oftentimes, for all these products and services- security product offering companies outsourcing with few other third party threat intelligence companies like 4IQ, TRAPX etc.&nbsp;</P><P>&nbsp;</P><P>I have noticed Company X shares PII /PCT-DSS data of their customers with their TP partners and outsourced companies, of course with customer consent to provide the service.</P><P>&nbsp;</P><P>Does it fall under any other GDPR (let's say this is a global product offering)? What precautions should be taken from the product offering company point of view?&nbsp;</P><P>&nbsp;</P><P>For instance if company X shares all the profile pictures of it's customers with a TP Threat intelligence company to identify&nbsp;impersonators or fake accounts, does it pose any threat to Company X from privacy and data protection compliance or legal obligation point of view?</P><P>&nbsp;</P><P>your suggestions and thoughts much appreciated.</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 09 Nov 2021 11:01:28 GMT https://community.isc2.org/t5/Privacy/GDPR-and-Data-Privacy-compliance/m-p/48238#M1383 iluom 2021-11-09T11:01:28Z