A May 2018 report by the IBM Institute for Business Value found that only 36 percent of surveyed executives believed they’d be fully compliant with the General Data Protection Regulation (GDPR) by the May 25 enforcement date. The GDPR, intending to improve data privacy for data subjects from the European Union (EU), has set a new standard for data privacy worldwide while sparking speculation, self-examination and organizational overhauls for security, privacy and compliance teams in the EU and beyond.

And for some organizations, this has caused a good deal of panic.

GDPR Enforcement in Full Effect

According to The New Yorker, the GDPR is “the most contested law in the E.U.’s history,” a statement illustrating just how impactful (and potentially disruptive) many believe GDPR enforcement will be. It’s perceived, however, that showing signs of progress toward full compliance may be enough to stay afloat for now. Though fines for GDPR noncompliance can reach as high as 20 million euros — or up to 4 percent of annual worldwide turnover — some believe it’s unlikely, according to GDPR.Report, that repercussions will reach this level of magnitude in the majority of cases, as long as efforts have been made in good faith to take steps toward compliance.

Staying afloat isn’t sustainable forever, though, and organizations still need to continue ongoing efforts toward compliance and maintain those levels once they’ve been reached. The May 25 date was by no means the end of the activity around GDPR compliance — it’s only the beginning of a much longer journey.

What can we potentially offer to the 64 percent of GDPR executives who didn’t think they’d be fully ready by the enforcement date — and more importantly, to the 18 percent who (at the time of the report) hadn’t even begun GDPR preparations?

A GDPR Framework

First and foremost, IBM Security offers a GDPR framework, providing a holistic approach to help organizations prepare for and meet GDPR requirements. The framework outlines requirements around both privacy (the controls within an organization around how personal or regulated information is collected, used and shared) and security (the technical safeguards to ensure data confidentiality, integrity and availability). It spans five phases: assess, design, transform, operate and conform.

With a regulation as monumental as the GDPR, simply jumping in without a plan won’t yield positive results. Identifying a framework to follow is a critical element of preparedness.

IBM Security Guardium Analyzer

Second, we offer a more practical suggestion: Think big, start small and deliver fast. One way to do this is to leverage software-as-a-service (SaaS) offerings that enable teams to immediately start taking the steps outlined in IBM Security’s GDPR framework.

To support these efforts, IBM Security announced the IBM Security Guardium Analyzer today, a SaaS offering that maps to the first step in the GDPR framework by helping organizations efficiently assess security and compliance risk associated with GDPR personal data and create a prioritized action plan. By combining advanced classification and risk-based vulnerability assessment, Guardium Analyzer identifies the cloud and on-premises databases most likely at risk under a GDPR-oriented audit — so you can take the right steps to minimize your risk.

The technology offers key capabilities: encrypted connectivity to cloud and on-premises databases; next-generation classification using pre-built, IBM-provided data patterns or customized user-provided patterns; vulnerability assessments; and risk scoring, which helps administrators prioritize vulnerable databases based on the amount of sensitive data they contain and that data’s level of sensitivity. Advanced filtering and sorting, along with intuitive, shareable dashboards that enable visual progress tracking and reporting, contribute to ease of use, a crucial element in the face of this complex regulation.

Guardium Analyzer helps organizations get a running start on their GDPR journey with a SaaS offering purpose-built for discovering, classifying and assessing the vulnerability of personal data. Remember: Even with the May 25 date behind us, these are needs organizations will have to continue addressing well beyond this initial enforcement period if they want to maintain compliance and continue building a strong data protection program.

The Transformative Power of the GDPR

Moving forward, the GDPR may even serve as a catalyst to spark greater innovation throughout security programs worldwide. According to the IBM report, 39 percent of surveyed executives saw the GDPR as a chance to transform security, privacy and data management efforts – with 91 percent agreeing that the GDPR will enable more trusted relationships with clients and new business opportunities. If these responses are any indication of what’s to come, then we have yet to see the transformative power of the GDPR.

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.
