Considerations for GDPR Readiness

This document is intended to help you prepare for General Data Protection Regulation (GDPR) readiness. It provides IBM Hybrid Cloud Mesh (Mesh) feature information that you can configure, and aspects of the product's use to consider when you are preparing your organization for GDPR. This information is not an exhaustive list. Clients can choose and configure features in many ways and use the product in many behaviors and with third-party applications and systems.

Notice

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining the advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that might affect the client’s business and any actions the clients might need to take to comply with such laws and regulations.

The products, services, and other capabilities that are described here are not suitable for all client situations and might restrict availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products ensure that clients are in compliance with any law or regulation.

GDPR

GDPR was adopted by the European Union (EU) and applies from 25 May 2018.

Why is GDPR important?

GDPR establishes a stronger data protection regulatory framework for the processing of the personal data of individuals. GDPR brings:

  • New and enhanced rights for individuals
  • Widened definition of personal data
  • New obligations for companies and organizations that are handling personal data
  • Significant financial penalties for noncompliance
  • Compulsory data breach notification

IBM established a global readiness program that is tasked with preparing IBM's internal processes and commercial offerings for compliance with the GDPR.

More information

Product Configuration – considerations for GDPR Readiness

The following sections describe aspects of Mesh and provide information on capabilities to help clients with GDPR requirements.

Data Life Cycle

IBM Hybrid Cloud Mesh (Mesh) is a multicloud, multicluster, application-centric, networking solution. It enables enterprises to use simple, scalable, seamless, and secure hybrid multicloud connectivity. It enables application-centric networks by intelligently inferring network requirements from business intent. It aligns networking operations, security operations, and DevOps across heterogeneous cloud environments.

Mesh automatically configures a software-defined network for the application’s microservices, distributed among multiple clouds in an abstract manner. Mesh is an overlay network that eliminates the need for any reconfiguration of the underlying networks.

Types of data stored in Mesh

Mesh stores only one kind of data that might be considered personal data:

  • User emails

Information about how this data can be accessed and deleted is described in later sections of this document.

The user's email is their IBMid, which you can see in My IBM. The IBMid is used for user authentication and audit logs in Mesh. Only customers and IBM support can access the audit logs.

How to view personal data

To view the stored email, use the following command:

palmctl get identities

How to delete personal data

To remove the email, use the following command:

palmctl delete identity
Notes:
  • To remove all the email addresses for a customer or tenant, request removal by contacting Support informationI.
  • If all the email addresses are deleted, the customer identity is erased and they can no longer use Mesh.

Legal Basis

For more information about the legal basis for the lawful handling of your personal data, see IBM Privacy Statement.