Current European Union (EU) Data Protection rules date back to 1995. The EU was keen to establish a new set of rules reflecting the current reality of data usage and in response to calls that existing laws were out of date. In January 2012, the European Commission made a proposal for a single harmonized General Data Protection Regulation (GDPR) across the EU.

After four years of intense negotiations, a political agreement on the GDPR was finally reached in December 2015. This was formally adopted into European law in May 2016 and companies now have two years to implement and conform to the new regulation, which will enter into force in 2018.

The evolving regulatory environment on cybersecurity and data protection offers both possibilities and challenges for IBM and its clients. The challenges range from governance to securing application and infrastructure.

IBM has extensive experience helping clients navigate regulatory environments in Europe – and around the world. We have done this successfully through consulting services and solutions and through our delivery of cloud and cognitive solutions. This paper reflects IBM’s general view of Europe’s new regulatory landscape. It is not, however, intended to be exhaustive and does not describe every procedure and technical detail that could be required.

The key to establishing preparedness in this new era lies in choosing the right partners for your organization, and being able to deploy appropriate security and data protection controls and procedures in a way that can be rapidly and readily demonstrated. IBM understands this is not just a technical challenge, but a challenge of governance and compliance, applications and infrastructure and assurance.



The paper explores:

  • The implications of the new GDPR
  • The new rights of data subjects
  • The new responsibilities for data controllers and processors
  • The transfer of personal data
  • How IBM can help
  • The new Network and Information Security (NIS) Directive

Watch the on-demand webinar: New Data Protection Law GDPR: Reality Bites!

more from CISO

To Cybersecurity Incident Responders Holding the Digital Front Line, We Salute You

Over the course of two decades, I’ve seen Incident Response (IR) take on many forms. Cybercrime’s evolution has pulled the nature of IR along with it — shifts in cybercriminals’ tactics and motives have been constant. Even the cybercriminal psyche has completely rebirthed, with more collaboration amongst gangs and fully established ransomware enterprises running. When I was first starting off,…