June 5, 2018 By Leslie Wiggins

A May 2018 report by the IBM Institute for Business Value found that only 36 percent of surveyed executives believed they’d be fully compliant with the General Data Protection Regulation (GDPR) by the May 25 enforcement date. The GDPR, intended to improve data privacy for data subjects from the European Union (EU), has set a new standard for data privacy worldwide while sparking speculation, self-examination and organizational overhauls for security, privacy and compliance teams in the EU and beyond.

And for some organizations, this has caused a good deal of panic.

GDPR Enforcement in Full Effect

According to The New Yorker, the GDPR is “the most contested law in the E.U.’s history,” a statement illustrating just how impactful (and potentially disruptive) many believe GDPR enforcement will be. It’s perceived, however, that showing signs of progress toward full compliance may be enough to stay afloat for now. Though fines for GDPR noncompliance can reach as high as 20 million euros — or up to 4 percent of annual worldwide turnover — some believe it’s unlikely, according to GDPR.Report, that repercussions will reach this level of magnitude in the majority of cases, as long as efforts have been made in good faith to take steps toward compliance.

Staying afloat isn’t sustainable forever, though, and organizations still need to continue ongoing efforts toward compliance and maintain those levels once they’ve been reached. The May 25 date was by no means the end of the activity around GDPR compliance — it’s only the beginning of a much longer journey.

What can we offer to the 64 percent of surveyed executives who didn’t think they’d be fully ready by the enforcement date, and more importantly, to the 18 percent who (at the time of the report) hadn’t even begun GDPR preparations?

A GDPR Framework

First and foremost, IBM Security offers a GDPR framework, providing a holistic approach to help organizations prepare for and meet GDPR requirements. The framework outlines requirements around both privacy (the controls within an organization around how personal or regulated information is collected, used and shared) and security (the technical safeguards to ensure data confidentiality, integrity and availability). It spans five phases: assess, design, transform, operate and conform.

With a regulation as monumental as the GDPR, simply jumping in without a plan won’t yield positive results. Identifying a framework to follow is a critical element of preparedness.

IBM Security Guardium Analyzer

Second, we offer a more practical suggestion: Think big, start small and deliver fast. One way to do this is to leverage software-as-a-service (SaaS) offerings that enable teams to immediately start taking the steps outlined in IBM Security’s GDPR framework.

To support these efforts, IBM Security announced the IBM Security Guardium Analyzer today, a SaaS offering that maps to the first step in the GDPR framework by helping organizations efficiently assess security and compliance risk associated with GDPR personal data and create a prioritized action plan. By combining advanced classification and risk-based vulnerability assessment, Guardium Analyzer identifies the cloud and on-premises databases most likely at risk under a GDPR-oriented audit — so you can take the right steps to minimize your risk.

The technology offers key capabilities, including encrypted connectivity to cloud and on-premises databases; next-generation classification using pre-built, IBM-provided data patterns or customized user-provided patterns; vulnerability assessments; and risk scoring, which helps administrators prioritize vulnerable databases based on the amount of sensitive data they contain and that data’s level of sensitivity. Advanced filtering and sorting — along with intuitive, shareable dashboards that enable visual progress tracking and reporting — contribute to ease of use, a crucial element in the face of this complex regulation.

Guardium Analyzer helps organizations get a running start on their GDPR journey with a SaaS offering purpose-built for discovering, classifying and assessing the vulnerability of personal data. Remember: Even with the May 25 date behind us, these are needs organizations will have to continue addressing well beyond this initial enforcement period if they want to maintain compliance and continue building a strong data protection program.

The Transformative Power of the GDPR

Moving forward, the GDPR may even serve as a catalyst to spark greater innovation throughout security programs worldwide. According to the IBM report, 39 percent of surveyed executives saw the GDPR as a chance to transform security, privacy and data management efforts – with 91 percent agreeing that the GDPR will enable more trusted relationships with clients and new business opportunities. If these responses are any indication of what’s to come, then we have yet to see the transformative power of the GDPR.

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.
