Navigate this significant data privacy challenge

For companies that operate in the European Union, the most important change in data privacy in two decades goes into effect May 25, 2018. Now is the time to prepare for the General Data Protection Regulation (GDPR).

GDPR will fundamentally change the way organizations conduct business in the European Union.

Who’s impacted?

If you market to or process the information of EU Data Subjects, you need to learn how to address key data protection requirements as well as how to benefit from pre-built GDPR capabilities and automated compliance workflows.

What is it?

The GDPR is designed to unify data privacy requirements across all 28 EU member states. Data Subjects — which include end users, customers and employees — have the right to make a claim if their data is not protected in compliance with the GDPR regulations. Further, EU regulators have the right to impose huge fines for violations.

How do GDPR requirements affect your enterprise?



Assess Privacy


  • Conduct GDPR assessments; assess and document GDPR-related policies
  • Assess data subject rights to consent, access, correct, delete, and transfer personal data


  • Discover and classify personal data assets and affected systems
  • Identify access risks, supporting Privacy by Design

Assess Security


  • Assess security current state, identify gaps, benchmark maturity, establish conformance roadmaps
  • Identify vulnerabilities, supporting Security by Design


  • Discover and classify personal data assets and affected systems to design security controls

Design Privacy


  • Create GDPR remediation and implementation plan

Privacy by Design:

  • Design policies, business processes and supporting technologies
  • Create GDPR reference architecture

Discover Security


  • Create security remediation and implementation plan

Security by Design:

  • Create security reference architecture
  • Design technical and organizational measures appropriate to risk, such as encryption, pseudonymization, access control, monitoring and more

Transform Privacy

Transform processes:

  • Implement and execute policies, processes and technologies
  • Automate data subject access requests

Transform Security


  • Implement privacy enhancing controls such as encryption, tokenization, dynamic masking
  • Implement security controls; mitigate access risks and security vulnerabilities

Operate Privacy

Manage GDPR program:

  • Manage GDPR data governance practices such as information lifecycle governance
  • Manage GDPR enterprise compliance programs such as data use, consent activities, data subject requests

Run services:

  • Monitor personal data access
  • Govern roles and identities

Operate Security

Manage security program:

  • Manage security program practices such as risk assessment, roles and responsibilities, program effectiveness

Run services:

  • Monitor security operations and intelligence: monitor, detect, respond to and mitigate threats
  • Govern data incident response and forensics practices

Conform Privacy


  • Record personal data access audit trail including data subject rights to access, modify, delete, transfer data
  • Run data processor/controller governance, including providing processor guidance, tracking data processing activities, providing an audit trail, and preparing for data subject access requests
  • Document and manage compliance program: Ongoing monitoring, assessment, evaluation and reporting of GDPR activities


  • Respond to and manage breaches

Conform Security


  • Demonstrate technical and organizational measures to ensure security appropriate to processing risk
  • Document security program: Ongoing monitoring, assessment, evaluation and reporting of security controls and activities


  • Respond to and manage breaches

IBM Security can help you get started now
