March 1, 2018 By Cindy Compert 4 min read

I’ve been on the road a lot lately. Literally, I’ve been in the car, traveling along every kind of road, alongside virtually every type of vehicle you can imagine. And I sometimes found myself noticing things about the people who were driving all those cars, trucks and motorcycles. The motorcyclists were the ones I found most interesting, but not for the reasons you may be thinking.

I noticed that while some bikers rode with the bare minimum of physical protection, others wore full helmets and visors, with heavy leather gloves, boots and jackets. And some bikes looked like they rode right out of a 1960s movie. No fenders, windshields or visible crash protection. Meanwhile, others had all that gear and then some.

But while those minimalist riders may actually be fully compliant with today’s regulations, it’s clear that they’re not doing everything they can to protect themselves.

That got me thinking about what it really means to be compliant, whether you’re cruising down the road on two wheels or trying to ensure that your business is compliant with all the applicable laws regarding data security and privacy. Yes, it’s hard for me to keep my mind off work, even when I’m not in the office.

IBM Experts to Discuss Compliance and Security at Think 2018

What’s more, we’ll be exploring the challenges of connecting compliance and security at IBM Think 2018 on March 19–22. So I’d like to walk you through some of the ways we’ll address helping our clients get ahead of preparedness around new regulatory mandates — including the General Data Protection Regulation (GDPR). And we’ll discuss the challenges of working toward both compliance and protection as you extend your security program to cloud, mobile or a new customer base.

For a view of the big picture, I’ll be offering a session on automating and enforcing continuous security compliance. We’ll examine the core compliance challenges facing enterprises today, key issues impacting the landscape, best organizational practices for helping to adapt to these changes and how you can leverage technologies across the IBM Security immune system to address your compliance needs.

In another far-reaching session, “From ‘No’ to ‘Know’: Privacy Meets Innovation,” Grace Murphy and Leslie Wiggins will explore key trends impacting the data privacy landscape today and provide several recommendations for how businesses can address their growing need for implementing comprehensive data privacy programs without sacrificing innovation — by leveraging the IBM Security Guardium portfolio of data security solutions.

Helping Organizations Achieve GDPR Readiness

Moving on to the topic of GDPR, David Jarvis, security and CIO lead, IBM Institute for Business Value, will join me for a Think Tank presentation: “Get GDPR-Ready—Because Data Protection Is About to Get Personal.” When GDPR takes effect on May 25, 2018, it will impact organizations conducting business with individuals in the European Union (EU) — consumers, employees and business contacts alike. As of that date, you’ll be expected to be ready to meet new, uniform data protection regulations relating to the information of EU subjects. And if you aren’t yet ready, you could potentially face hefty fines and other penalties. We’ll walk you through the details of the IBM Security GDPR framework, developed to help our clients achieve GDPR readiness.

I’ll also be participating in a GDPR-focused panel discussion with David Jarvis: “The Transformative Power of GDPR for People and Business.” We’ll explore how GDPR is transforming organizations today and how it will do so in the future. We’ll discuss how GDPR can deeply change organizations — improving security and privacy, creating more engaged customers and driving better data strategies. And David will spotlight the latest research from the IBM Institute for Business Value.

Don’t miss my GDPR deep dive: “GDPR Security-Focused Show and Tell: Tools and Techniques to Help Your GDPR Program.” GDPR applies to most organizations conducting business with the EU, even if they’re not located on EU soil. And enforcement begins in less than 90 days. Are you ready? I’ll be sharing a “show and tell” focused on security and based on client experiences around the world. And I’ll fill you in on the IBM GDPR Framework — a methodology that identifies GDPR-specific activities and deliverables to help you on your journey. You’ll learn how it can help you get there more efficiently, whether you’re drowning in spreadsheets, tired of scanning for personal data, struggling to figure out how to automate data subject rights and produce audit trails, or trying to determine which controls to implement or how to measure your progress.

And for an important discussion of solutions designed to help you meet compliance mandates, there’s this: “New Capabilities of IBM BigFix Compliance: What They Mean for You.” I-Lung Kao and Dan Montgomery will provide details on two new capabilities of IBM BigFix Compliance — a powerful solution used by IT operations teams to monitor endpoint configuration compliance based on industry. First, there’s policy management, which lets a security team effectively create and customize an endpoint security policy to harden an organization’s security posture or meet regulatory compliance requirements. In addition, vulnerability posture reporting allows security and compliance teams to get the current status and details of vulnerabilities impacting endpoints.

Of course, that’s just a small sampling of what you’ll find at Think 2018 later this month. I really hope to see you there. And please let me know if you arrive by motorcycle. I may have a few questions for you.

Watch the full session from Think 2018: Automate and Enforce Continuous Security Compliance

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today