Blog Post

GDPR impacts your business

The General Data Protection Regulation (GDPR), the European Union (EU)’s new data protection regulation, was released in May 2016 with an implementation date of May 25, 2018. Every organization that collects or processes personal data on EU residents must comply with the new regulation, regardless of where it is located, or it will face significant financial penalties (up to four percent of its annual revenue) and reputational damage. The GDPR is designed to unify data privacy requirements across all 28 EU member states. Data Subjects — which include end users, customers and employees — have the right to make a claim if their data is not protected in compliance with the GDPR. Further, EU regulators (CDPD in Bulgaria) have the right to impose huge fines for violations (up to 4% of yearly revenue).

 

Complying with the GDPR requires any organization with personal data on EU residents to implement both organizational and technology measures to remain in compliance. Organizational measures include appointing a Data Protection Officer, developing policies and training on handling personal and sensitive personal data, and an approach for executing a Data Protection Impact Assessment (DPIA). Technological measures for protecting data include capabilities like data classification, data loss prevention, encryption, managing consent more explicitly, data transfer limitations, and technologies that enable data subjects to exercise their rights to access, rectify, and erase personal data held by data controllers.

 

To comply with the GDPR, organizations must invest significant resources in their information systems. Changes and new systems have to be deployed in the following areas:

  • Data Assessment
  • Data Security
  • Information Governance
  • Consent Management
  • Right to Erasure
  • Data pseudonymization or masking 

 

A good start is to ensure they have proven protection of database record data. IBM Guardium is a solution that can help here in the areas of Assessment, Security and masking.

IBM Guardium is a GDPR accelerator. Learn more about how IBM Security and IBM Guardium can help you comply with this regulation.

IBM Information Governance Catalog is another must-have solution for GDPR compliance. It addresses the areas of Assessment, Governance and Consent Management.

Organizations will be audited in a very strict manner on their ability to handle accidents, breaches and customer complaints. A sophisticated case management solution has to be implemented.

There is much more to consider and an integrated approach must be established in order to save time and resources. 

 

Contact us to discuss your plan and strategy.

 

 
