Security

Benchmark your readiness for a GDPR-compliant world

Share this post:

GDPR compliance

With the EU’s General Data Protection Regulation (GDPR) data regulation going into effect, we recently wrapped the latest GDPR Summit in London. Almost 500 attendees across most industries attended three parallel tracks of GDPR focused activity: GDPR program, HR and sales, and marketing.

I was honored to give the keynote with my IBM colleague Jonathan Wisler to discuss and debate a range of compliance, contract and readiness issues. We shared the IBM point of view on the opportunity for transformation that we believe GDPR is and provided an update on the IBM journey to readiness, sharing details of our own internal program of activities, with our workstreams focused on various obligations and duties of the regulation.

Managing compliance with machine learning and AI

We also shared where we’ve invested in machine learning and AI to provide accelerators at every step in the journey. We shared how we were using those both with our clients, in GDPR engagements worldwide, as well as using them internally in our own program.

These included examples of using machine learning around the regulations themselves. Machine learning can be used to rapidly digest native regulatory text — the GDPR in PDF — and provide the controls and obligations for the compliance team. For many businesses, especially larger multinationals, GDPR is not the only regulation they need to comply with, especially for those in more heavily regulated industries such as financial services, insurance, manufacturing, pharmaceuticals and so on, and operating across multiple jurisdictions.

Anticipating future data privacy regulations

GDPR isn’t “it.” The reality is there’s likely even more to come. This includes the pending EU ePrivacy regulation, currently frozen in Brussels, but likely to progress and impact the activities of marketing further than even GDPR has so far. Worldwide, many regions have refreshed and expanded already-existing data privacy and security regulations.

It was just before the summit that US congressional hearings around large social media companies were triggered by the ongoing review of alleged data scraping, data leakage and data sharing of third parties. From those hearings, there was some congressional activity to draft US privacy regulations. What’s not clear in the current political climate is whether these would ever progress in the near term.

Wherever you operate in the world, more privacy and security regulations are likely to come. If you’re able to put in place a strong internal program, including strong solutions, policies and processes around compliance, then you’ll have a good framework in place, ready to meet whatever other regulations require in the future. We explored these fundamental building blocks of a general governance and compliance program, starting with GDPR, in our keynote.

Getting started and expediting readiness

Following the keynote, I provided some comments to the Financial Times for the article, “Wake up call to businesses with one month to be GDPR-compliant.” We discussed the concept of “need to know” and the challenge of finding personal data, where it is, how it’s used, having a clear legal basis to hold and process it, and how to avoid over-retaining personal data. Though difficult for many organizations, our key message is to get started now, at least on the primary systems of record that drive and run the business.

From many attending clients and vendors, acceleration to the cloud was a strong topic and focus area of discussion. Cloud capabilities that could help in any GDPR journey were a constant discussion point at our expo booth throughout the day. More and more clients are considering that by putting more or all of their data in the cloud, they can then focus their GDPR activities in one place rather than across the many disparate silos. Our GDPR Template accelerator, which helps expedite readiness for Article 30 Records of Processing and Consent management, generated a lot of interest.

During the keynote and throughout sessions in the day, delegates took part in several live polls. These showed 90 percent of those polled were still just starting or progressing their GDPR readiness journey, even with just weeks to go. Only 10 percent responding were in the final stages.

In my interview with American Banker, I shared how some organizations had not yet started, but there was still time to complete an impact analysis and draft a plan.

Yes, there is and will be lots of change, there may be casualties, but the consensus at the GDPR Summit in London was that there will still be a place for properly transparent, consented and customer-centric digital marketing.

So, with G-Day here, what’s left to do or is still doable? Our keynote proposed the minimal key activities of readiness to consider, for any journey of readiness.

Watch an on-demand webinar with IBMer Jonathan Wiseler and Forrester’s Analyst Enza Iannopollo, “Benchmark your readiness for a GDPR-compliant world.”

Learn more about the IBM GDPR Readiness journey and how we can help you.

Global GDPR & Governance Offerings Evangelist, IBM

More Security stories

French insurer teams with IBM Services to develop fraud detection solution

Auto insurance fraud costs companies billions of dollars every year. Those losses trickle down to policyholders who absorb some of that risk in policy rate increases. Thélem assurances, a French property and casualty insurer whose motto is “Thélem innovates for you”, has launched an artificial intelligence program, prioritizing a fraud detection use case as its […]

Continue reading

Cloud innovation in real estate: Apleona and IBM rely on new technologies

Digitization does not stop at the proverbial concrete gold — real estate. In fact, the real estate industry is on the move. Companies are realizing the benefits of digital transformation and are capitalizing on the power of new technologies such as cloud, AI and blockchain. Take, for example, Apleona GmbH, one of Europe’s largest real […]

Continue reading

Innovate with Enterprise Design Thinking in the IBM Garage

We’ve all been there. You have an amazing idea that’s really exciting. Maybe it’s a home improvement project, or perhaps it’s a new business idea. You think about all the details required to make it real. But, once you get to the seventh action item, you’re not so excited anymore. Sometimes when we realize the […]

Continue reading