What is GDPR?

The GDPR (General Data Protection Regulation) seeks to create a harmonised data protection law framework across the EU and aims to give citizens back the control of their personal data, whilst imposing strict rules on those hosting and ‘processing’ this data, anywhere in the world. The Regulation also introduces rules relating to the free movement of personal data within and outside the EU.

Individuals are increasingly data-savvy and;

  • Understand how brands use their data for sales and marketing purposes
  • Are aware of their rights with regard to their personal data
  • Are concerned about the well-publicised threat of cyber data theft

Most organisations are concerned about the potential significant financial penalties the Regulation can bring, but some forward-thinking companies are also planning how to turn GDPR into an opportunity in 2017.

Start your GDPR journey

Only the organisations that deliver true transparency to their customers will build strong trust in the brand. Start the GDPR transition with an emphasis on your customer – to drive process, policy, technology and people decisions.

How can IBM help on your journey to GDPR readiness?

IBM offers comprehensive solutions, services and expertise to help support your journey to GDPR readiness. There are five key areas that need to be addressed.



Determine how you can translate GDPR into actions, norms and values. Consider what measures need to be taken, are they effective and how can you improve them.


People & communication

Train your employees on GDPR requirements. They need to understand the risks and impact of improper data use.



Take a look at your processes: how GDPR will influence them, what’s the impact and how you can manage the required changes.



Govern and ensure the quality of your data, assess what data you have, what you’re using it for and consider how you can interact with individual customers, clients, or third parties. This is crucial for offering transparency and trust which is demanded from GDPR.



Protection of the fundamental privacy rights (e.g. protecting the security and confidentiality of Personal Data, but also providing proper use, notice, consent, choice, access, rectification and erasure, just to name a few.

Get started with an assessment

Our assessment can help you to decide on the best approach, step by step and in a structured way.



GDPR is more than just information security, data governance or training employees. It is complex and far-reaching legislation, comprising many components that touch organizations in numerous ways and at all levels.

At the same time, GDPR is just the latest in the ever-increasing number of regulations which needs a strong Information Governance program and technical framework to succeed. A comprehensive approach is required, taking all of its aspects into consideration.

The assessment we developed can be a great help with that, whether your company has already begun tackling GDPR or is preparing its first moves. The assessment begins with determining the main GDPR stakeholders in your organization per key area of attention. This is done together with the person responsible for data privacy in your organization (you may even already have a special data privacy officer in place). These stakeholders might be: representatives of the HR department, for communication, training and personnel data; of the marketing department, for protecting your brand and your customer data; and of the IT department, for security issues. Interviews and workshops will be planned with all these people.

There are two versions of the assessment.

The first is ‘speed week’. This assessment takes just one week and is intended for companies which already have a GDPR readiness plan in place. Together we will look at your roadmap to determine how complete it is. This will result in recommendations on how to realize your goals, speed-up the process and increase your chance of success.

Or do the full assessment, this takes four to six weeks, depending on the number of stakeholders involved. It will address all five key areas and GDPR requirements. Both types of assessments will lead to a practical roadmap, in a short period of time, drawn-up in close co-operation with your internal stakeholders and owned by your data privacy officer or designated individual.

Both types of assessments will lead to a practical roadmap, in a short period of time, drawn-up in close co-operation with your internal stakeholders and owned by your data privacy officer or designated individual.

The Goal

The main goal of the IBM assessment is to create a road map to help prepare your organization for GDPR, looking at the five main areas of attention to determine what needs to be done. These areas are governance, people and communication, processes, data and security. The focus should be on where your company´s biggest risks are and to be sure to address these issues first – helping you to become ready for the respective GDPR requirements by May 2018.

Checklists and accelerators

Checklists and accelerators ensure the effectiveness of the sessions. We developed GDPR outcome-based materials like an overview of all GDPR requirements and measures, a list of all types of personal data, but also ready-to-use agendas to be customized for the different participants in the interviews or workshops. This way processes that could take weeks can be handled more quickly.

During the workshops the GDPR requirements are weighed against the processes, norms and values of your company in a consistent manner. The gaps and priorities found will lay the foundation for your roadmap.


IBM pathways for GDPR readiness

Preparing your business for the changing realities of data protection in the European Union.

Planning for the General Data Protection

Considerations and recommendations to help you prepare for the upcoming GDPR data privacy standards.

Create a sustainable, governed data asset for GDPR and beyond

Learn how IBM is helping clients in getting ready for General Data Protection Regulation (GDPR).

Prepared for the GDPR? Top 10 Findings From Hurwitz & Associates Survey*

Learn the 10 most interesting findings of a recent survey Hurwitz conducted, with responses from organizations in 11 countries. The majority of companies were in the technology, professional services and financial services industries.

The Journey to Value

IBM Solutions can assist your business with GDPR preparation.

Are you ready? The New General Data Protection Regulation (GDPR) is Here

Learn how IBM can help you prepare for the upcoming GDPR regulation, including and beyond data privacy, security, and information lifecycle management.



*This report was developed by Hurwitz & Associates - with IBM assistance and funding. This report may utilize information, including publicly available data, provided by various companies and sources, including IBM. The opinions are those of the report’s author, and do not necessarily represent IBM’s position.