IBM Cloud® compliance: GDPR (EU)
Illustration showing two people standing on platforms, with one person looking at a map display and the other regarding a security shield
What is GDPR (EU)?

The General Data Protection Regulation (GDPR) is a regulation throughout the European Union that asserts an individual's right to privacy. The law protects an individual's rights and control over their personal data.

GDPR was designed to bring various European privacy standards and frameworks into one harmonized framework, imposing strict and enforceable rules onto those who host and process personal data.

It states that an individual has a right to a copy of their data, a right to request corrections to their data, a right to restrict the use of their data and a right to delete their data.

GDPR is a regulation, not a guideline: anyone who works with the personal identifying information of a citizen of an EU country must comply with the law, even if the data is hosted or processed outside of the EU.

IBM position

As part of the European Union's General Data Protection Regulation (GDPR), IBM is enhancing its ongoing commitment to privacy by design. IBM is working to embed data protection principles even more deeply into its business processes. This work also strengthens existing controls to limit access to personal data, including mobile applications that rely on default settings to prevent sharing of personal data.

Resources Transform your business with the GDPR

Learn about the IBM GDPR Framework

Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs