IBM journey to GDPR

IBM is one of the first to have a data privacy officer and an ethics statement that is woven into all new products and services to include built-in privacy and security. Learn more about IBM’s journey to GDPR compliance using IBM solutions and pathways methodology.

GDPR is about personal data

Key for GDPR is the focus on personal data, any data that can directly or indirectly identify living individuals — we need to know what personal data the business uses, where it's stored, how it's processed and its lineage — where it comes from, what we do with it and where it ends up.

There are GDPR essentials every organization should have in place: Defining, discovering, cataloging, and protecting personal data and managing consent.


Personal data is any information that can directly or indirectly identify a living, natural person. Direct identifiers include things like one's name, passport number and phone number. Indirect identifiers include things such as asset, financial, health and other categories. Use the IBM Industry Model framework if personal data is not defined already.

Get started


Accelerate finding personal data across your business with IBM InfoSphere® Information Analyzer and IBM StoredIQ®. What's found can be added to a central inventory into IBM Information Governance Catalog. Accelerate defining and finding unstructured personal data with the StoredIQ GDPR Cartridges, defining an extended set of EU personal data across 11 languages. For structured data, use IA.

Get started


Expedite cataloging personal data into IBM InfoSphere Information Governance Catalog across all data sources, categories and types. This unified catalog can be the key backbone to all of your GDPR program tasks, actions and work streams. End-to-end you need to know what and where personal data is in the business, its lineage, and how you process and use it.

Get started


The range of data masking and obfuscation capabilities from IBM can help de-identify any personal or sensitive information. This can be done in-place, across the common structure database system and application sources you have with IBM Optim™. Then, for data-minimization, use IBM Information Lifecycle Governance for retention policy disposal across all your data for GDPR.

Get started

Manage consent

Our IBM InfoSphere Master Data Management solution provides a customer/data-subject 360-degree view, normalizing across all the data sources and different identifiers used for each person, with definitions for processing activities and purposes on that data. Data stewards can then create, capture and update consent for data-subjects across all channels, then notify across existing event and notification frameworks in real time.

Get started

Learn more about GDPR

IBM Pathways to GDPR Readiness

Prepare your business for the evolving realities of data privacy and protection in the EU.

GDPR is live, now what?

Is it business as usual or time to really panic? Or is it an opportunity for you to accelerate your organization's analytics journey?

Accelerate your GDPR Readiness: Personal Data Protection and Consent Management

Get a deeper dive on how to help protect your personal data once it is identified and discovered.

Does GDPR apply to you?

GDPR has worldwide ramifications. Organizations around the world — and not just those in the EU but also those consuming goods and services from Europe — need to be ready for the EU GDPR. If you're providing electronic goods or services to anyone who's in Europe, be they a citizen, a temporary resident, or even if they're passing through a European airport for half an hour, potentially, GDPR may apply, and you need to comply with that. It may also apply to anyone in the world, anywhere, if you are profiling or doing analytics on them. 

GDPR practical data actions and accelerators from IBM can help your organization on its journey to compliance. Beyond compliance, they set the foundation to help strengthen and deepen the relationship you build with your customers and consumers as you provide more transparency on their personal data processing and protection. May 25, 2018, wasn’t the end of GDPR, it really just started and it will be an ongoing journey.

Take immediate action to step through on your journey towards compliance and key data actions around defining, discovering, cataloging and protecting personal data and managing consent to accelerate the readiness on every step of that journey.

Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business and any actions the clients may need to take to comply with such laws and regulations.

The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.