What is the GDPR?
The GDPR (General Data Protection Regulation) seeks to create a harmonised data protection law framework across the EU and aims to give back to data subjects, control of their personal data, whilst imposing strict rules on those hosting and processing this data, anywhere in the world.
The IBM GDPR Framework
IBM has created a 'GDPR framework' with five phases to help achieve readiness: Assess, Design, Transform, Operate, and Conform. The goal of the framework is to help clients manage security and privacy effectively in order for them to reduce risks and therefore incidents. IBM services and solutions are available to support you at each phase in your own GDPR readiness journey.
Assess
activity: conduct GDPR risk and privacy assessments across governance, people, processes, data and security
outcome: assessments and roadmap
Design
activity: designing new, GDPR compliant, standards for each aspect of the business
outcome: defines implementation plan
Transform
activity: develop and embed procedures, processes and tools: conduct GDPR training
outcome: process enhancements completed
Operate
activity: execute & monitor relevant business processes: manage consent and data subject access rights
outcome: operational framework in place
Conform
activity: monitor, assess, audit, report and evaluate adherence to GDPR standards
outcome: ongoing monitoring and reporting
Read the paper IBM Pathways for GDPR Readiness (PDF, 4.3 MB)
How can IBM help on your journey to GDPR readiness?
IBM offers comprehensive solutions, services and expertise to help your progress to GDPR readiness and beyond.
Security
The GDPR needs you to be on top of encryption, access controls and monitoring through to incident breach readiness and reporting. IBM Security services and solutions can accelerate your readiness for each of these.
Analytics
Protection of personal data needs you to discover and classify categories and types of data across the business; then prepare for Article 30 Records of Processing, mapping processing activities to personal data use. Our capabilities can help support your remediation, lifecycle management, consent and DSAR (Data Subject Access Rights) requests.
Cloud
Rather than merely complying, seize the opportunity presented by the GDPR to set your company apart from the competition using the IBM Cloud. Designed with built-in data security and privacy services, the IBM Cloud offers the platform and tools to help safeguard sensitive data wherever it resides.
Watson Marketing
We support marketers throughout their GDPR journey. Our AI-powered marketing solutions, accompanied with business expertise, will help you stay compliant with industry regulations.
Data Storage
Using IBM data storage and processing products to manage GDPR readiness, you can gain increased transparency and control over your data, positioning your company to realise efficiencies, identify opportunities and drive innovation.
Blockchain and the GDPR
Using real-world examples, this paper explores five areas associated with GDPR compliance and how blockchain might address each.
IBM pathways for GDPR readiness
Preparing your business for the changing realities of data protection in the European Union. Learn more about how to use IBM's five phase methodology.
Create sustainable, governed data assets for the GDPR and beyond
Learn how IBM is helping clients in getting ready for the GDPR.
IBM Cloud Secure Virtualization: Your key to simplifying GDPR compliance
This paper takes a closer look at how HyTrust, Intel, and IBM can help simplify your GDPR compliance efforts.
Simplify GDPR Compliance with IBM Cloud Secure Virtualization
Complying will be hard for businesses, but it will bring benefits too (The Economist)
IBM's commitment to GDPR readiness
IBM is committed to providing our clients and partners with innovative data privacy, security and governance solutions to assist them on their journey to GDPR compliance.
IBM is a recognised leader in data protection and complies with data privacy laws around the world. In preparation for the European Union’s new General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, IBM established a comprehensive compliance framework to ensure GDPR compliance for all IBM products and services. As part of this global program, IBM reviewed and enhanced IBM products and services for GDPR, developed GDPR-ready contracts for clients and suppliers, and actively engaged with clients and suppliers on GDPR compliance.
As part of IBM’s ongoing commitment to privacy by design, IBM has embedded data protection principles even more deeply into its business processes, products, and services so that our clients can better meet their own data protection objectives. In addition to enhanced security, IBM offers innovative data privacy and governance solutions that can assist clients and partners with GDPR compliance.
For IBM the GDPR is not a one-time event but the latest milestone on the journey of protecting data. As IBM’s long history of security and privacy leadership demonstrates, IBM understands that protecting privacy is essential to gaining trust. IBM was one of the first companies to appoint a Chief Privacy Officer, to develop and publish a genetics privacy policy , to be certified under the APEC Cross Borders Privacy Rules system, and to sign the EU Data Protection Code of Conduct for Cloud Service Providers. Now, IBM is continuing its long-standing leadership in the area of data protection by responding proactively to the GDPR.
Stay connected
Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business and any actions the clients may need to take to comply with such laws and regulations.
The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.