General Data Protection Regulation (GDPR) Principles and Primer

With the new General Data Protection Regulation (GDPR) guidelines coming into full effect in the European Union (EU) by May 2018, it is imperative that companies understand the new regulation end-to-end. Many of the GDPR’s main concepts and principles are similar to those in the current Data Protection Act (DPA), so if companies are complying properly with the current law, then most of their approach to compliance will remain valid under GDPR. However, there are new elements and significant enhancements that will make full compliance harder to achieve.

GDPR is designed to give individuals better control over their personal data and to establish one single set of data protection rules across the EU. Companies are required to “implement appropriate technical and organizational measures” in relation to the nature, scope, context and purposes of their handling and processing of personal data. Data protection safeguards must be designed into products and services from the earliest stages of development.

These safeguards must be appropriate to the degree of risk associated with the data held and might include:
– Pseudonymisation and/or encryption of personal data
– Ensuring the ongoing confidentiality, integrity, availability and resilience of systems
– Restoring the availability and access to data in a timely manner following a physical or technical incident
– Introducing a process for regularly testing, assessing, and evaluating the effectiveness of these systems

IBM offers a comprehensive approach to help prepare for GDPR compliance with solutions and services from assessment to full-scale implementation. Our approach covers many of the necessary activities to support GDPR readiness across five domains: governance, employee training and communications, processes, data and security.

IBM has developed IBM Cloud Secure Virtualization, a solution specifically focused on addressing the concerns of security and compliance for enterprises. Created on single-tenant bare-metal servers on IBM Cloud, it is the first cloud offering to leverage HyTrust and Intel TXT security technologies to help solve for GDPR compliance by tagging and enforcing set policies, offering forensic logging and low-latency encryption (with Intel AES-NI) and key management.

Specifically geared toward clients in highly regulated industries, IBM Cloud Secure Virtualization is designed to give enterprises control over where their data is located to address performance, security and data privacy needs. With IBM Cloud Secure Virtualization, clients will benefit from:

Accurate Data Location

Data location is knowledge of the actual, physical location of a host. The hardware-based tags are HyTrust descriptors that let you “tag” hosts by location, capabilities, compliance requirements, or other logical identifiers. Because these are hardware-based descriptors, they are part of the host’s launch environment and are measured by Intel TXT each time the host launches.

Verified Boundary Control

Boundary control is enabled either by software-based tags or through the more robust security option via Intel TXT’s hardware-based policy tags, coupled with HyTrust workload security software. Once admins know the actual, physical location of each host, they can use HyTrust policies to restrict data and workloads to only authorized locations, and provide evidence-based reporting to verify those restrictions.

Additional geo-fencing

Geo-fencing is the ability to separate workloads within a trusted compute pool, and it helps solve for data sovereignty requirements. Data can only be decrypted on good, known hosts in authorized geographies.

Smarter, faster decryption

The solution stack from IBM, Intel, VMware, and HyTrust helps ensure that decryption occurs only on authorized servers in trusted locations. Even if data is moved to an untrusted host, the data cannot be decrypted. In addition, with trust attestation and data location, HyTrust policies can enforce and approve decryption requests only for authorized hosts that are physically located in authorized locations.

Evidence-based compliance

Regulatory requirements typically require data protection to mitigate risk in the event of a loss or breach. Intel TXT and HyTrust allow security administrators to set and apply consistent, logical policies at the virtual workload level, and provide visibility and logging of all virtualized activity. In addition, HyTrust provides logging of administrator actions based on individuals, so that IT can now provide evidence-based audits and reports, and enable forensic-level analyses and audit logs when required.

Data security is a primary concern for enterprises considering hybrid cloud adoption, particularly in highly regulated industries such as financial services, healthcare and government. IBM Cloud is the only platform to offer a secure solution that assists clients with security concerns and compliance reporting readiness. IBM Cloud Secure Virtualization’s unique collaboration with Intel and HyTrust not only reduces the barriers to cloud adoption, but does so with additional capabilities that help organizations meet GDPR requirements, as well as HIPAA, PCI and more.

Ready to learn more about IBM Cloud Secure Virtualization? Visit our webpage or join our new webcast, which includes a live demo, to learn more from experts about IBM’s solution.


Offering Manager - IBM Cloud for VMware Solutions
