What Business Partners need to know

General Data Protection Regulation (GDPR) and the California Privacy Act (CCPA)


GDPR has three primary objectives:

  1. Create a unified data protection law for all 28 European member countries
  2. Enhance the level of data protection for EU data subjects
  3. Modernize the law in line with existing and emerging technologies

GDPR went live on May 25, 2018. Compliance must be sustained.

  • It applies to controllers and processors, both inside and outside the EU, whose processing activities relate to the offering of goods or services to EU data subjects, wherever their data is in the world
  • Organizations outside the EU are subject to GDPR when they collect or process data concerning any EU data subjects


The California Consumer Privacy Act (CCPA) is a new consumer protection and data privacy act. It enhances the privacy rights for residents of the state of California in the United States. CCPA becomes effective on January 1, 2020 and enforcement is expected July 1, 2020.

CCPA bears much similarity to the GDPR

Consumers have the right to be informed of the categories of personal data a business collects about them and to gain access to the personal data a business collects about them, twice a year, free of charge. Thus, organizations must disclose information about the collection, sale, and disclosure of personal information.

IBM's Journey to GDPR Readiness

Resources to help your clients accelerate their data privacy readiness

Learn more about data privacy

IBM and Business Partners are separate companies and each is responsible for its own products and services. Neither IBM nor Business Partners makes any warranties, express or implied, concerning the others’ products or services.  

Ready to generate demand for data privacy solutions?

The Data Privacy sales kit has all the assets you need to start the conversations with your customers.

Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the California Consumer Privacy Act and the European Union General Data Protection Regulation.

  • Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business and any actions the clients may need to take to comply with such laws and regulations.
  • The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.