What is the GDPR?

The GDPR (General Data Protection Regulation) seeks to create a harmonised data protection law framework across the EU and aims to give citizens back the control of their personal data, whilst imposing strict rules on those hosting and 'processing' this data, anywhere in the world. The Regulation also introduces rules relating to the free movement of personal data within and outside the EU.

Individuals are increasingly data-savvy and:

  • Understand how brands use their data for sales and marketing purposes
  • Are aware of their rights with regard to their personal data
  • Are concerned about the well-publicised threat of cyber data theft

Most organisations are concerned about the potential significant financial penalties the Regulation can bring, but some forward-thinking companies are also planning how to turn GDPR into an opportunity in 2017.

IBM's commitment to GDPR readiness

IBM is committed to providing our clients and partners with innovative data privacy, security and governance solutions to assist them on their journey to GDPR compliance.

Trust in Data

Data and its protection are becoming increasingly important to individuals and society. Enterprises must earn the public's trust in their ability to steward information. As IBM's long history of security and privacy leadership demonstrates, IBM understands that protecting privacy is essential to gaining trust. IBM was one of the first companies to appoint a Chief Privacy Officer, to develop and publish a genetics privacy policy, to be certified under the APEC Cross Borders Privacy Rules system, and to sign the EU Data Protection Code of Conduct for Cloud Service Providers. Now, IBM is continuing its long-standing leadership in the area of data privacy by responding proactively to the General Data Protection Regulation (GDPR).

IBM Commits to GDPR Readiness

IBM currently complies with privacy laws around the world. IBM is also preparing to comply with the European Union's new General Data Protection Regulation (GDPR) which will go into effect in May 2018. IBM has established a global project to prepare for GDPR, both for our internal processes and for our commercial offerings. IBM recognises that our customers will rely on IBM's offerings and technical assistance to achieve GDPR compliance within their own organisations and IBM is well-positioned to meet this critical need.

As part of its GDPR project, IBM is enhancing its ongoing commitment to privacy by design. IBM is working to embed data protection principles even more deeply into its business processes, with the objective that technical and organisational security measures limit, by default, the amount and use of personal data to what is specifically required. This work will also strengthen controls already in place to limit access to personal data, including with respect to mobile applications that rely on sensible default settings to prevent personal data from being inadvertently shared with others.

Read the eBook

How can IBM help on your journey to GDPR readiness?

IBM offers comprehensive solutions, services and expertise to help support your journey to GDPR readiness. There are five key areas that need to be addressed.



Protection of the fundamental privacy rights (e.g. protecting the security and confidentiality of Personal Data, but also providing proper use, notice, consent, choice, access, rectification and erasure, just to name a few.

Learn more



Determine how you can translate GDPR into actions, norms and values. Consider what measures need to be taken, are they effective and how can you improve them.



IBM Cloud is agile and scalable with built-in data security and privacy services and solutions that can be consumed on premises or as SaaS offerings. Our comprehensive data security platform helps safeguard sensitive data wherever it resides and provides a full range of data protection capabilities.

Learn more


People, Processes and Communications

Train your employees on GDPR requirements. They need to understand the risks and impact of improper data use. Take a look at your processes: how GDPR will influence them, what's the impact and how you can manage the required changes.



Govern and ensure the quality of your data, assess what data you have, what you're using it for and consider how you can interact with individual customers, clients, or third parties. This is crucial for offering transparency and trust which is demanded from GDPR.

Get started with an assessment

Our assessment can help you to decide on the best approach, step by step and in a structured way.


IBM pathways for GDPR readiness

Preparing your business for the changing realities of data protection in the European Union.

Planning for the General Data Protection

Considerations and recommendations to help you prepare for the upcoming GDPR data privacy standards.

Create a sustainable, governed data asset for GDPR and beyond

Learn how IBM is helping clients in getting ready for General Data Protection Regulation (GDPR).

IBM Cloud Secure Virtualization: Your key to simplifying GDPR compliance

This paper takes a closer look at how HyTrust, Intel, and IBM can help simplify your GDPR compliance efforts.

Simplify GDPR Compliance with IBM Cloud Secure Virtualization


Sign up to attend one or more of our upcoming, or on-demand, webinars.

Connect with our GDPR experts.

John Bowman

Senior Principal at Promontory, an IBM company. Formerly the UK government's lead negotiator on the GDPR regulation


Dr. Seth Dobrin

Vice President and Chief Data Officer, IBM Analytics


Jessica Douglas

IBM GDPR Leader, UK and Ireland, Financial Services


Heather Hinton, PhD

Vice President and IBM Distinguished Engineer, IBM Hybrid Cloud CISO


Richard Hogg

Global GDPR & Governance Offerings Evangelist, IBM


Cindy E. Compert, CIPT/M

CTO Data Security & Privacy, IBM Security