Announcing IBM Security Guardium Analyzer

Efficiently identify security and compliance risk associated with GDPR-related data using cloud-based data discovery, data classification, and vulnerability scanning.

Start your 30-day trial

What is the General Data Protection Regulation (GDPR)?

GDPR is designed to unify data privacy requirements across the European Union (EU). If you market to or process the information of EU Data Subjects – which include end users, customers and employees – you need to conform to GDPR to continue conducting business. Learn how to address these key requirements with IBM Security solutions.

Register for white paper

Where are you on your GDPR journey?

Starting at the beginning

The GDPR readiness assessment from IBM® can help you identify the areas of your business that will be affected by GDPR and evaluate your current practices against the requirements. Get started with the GDPR readiness assessment from IBM, which includes a gap analysis and a roadmap for moving forward.

IBM Data Privacy Consulting Services GDPR readiness assessment (78 KB)

Gaining traction

The IBM Security Guardium® Analyzer solution allows you to apply a next generation classification engine with pre-built GDPR oriented data patterns as well as vulnerability scans for your data in-order to provide your compliance or audit teams with prioritized risk information.

Learn more about IBM Security Guardium Analyzer

Operationalizing your program

The Resilient Incident Response Platform can help you fulfill GDPR obligations and help streamline your incident response and breach notification time. GDPR-specific components have been incorporated into the platform, including the GDPR preparatory guide, the GDPR simulator, and the GDPR-enhanced privacy module.

Explore the Resilient Incident Response Platform

IBM Security GDPR framework

Five phases to readiness

The IBM Security GDPR framework provides a holistic approach to helping your organization prepare for and meet GDPR requirements — from assessment to conformance.

Privacy requirements

Assess your current data privacy stature under all of the GDPR provisions. Discover where protected information is located in your enterprise.

Prepare:

  • Conduct GDPR assessments, assess and document GDPR-related policies
  • Assess data subject rights to consent, access, correct, delete, and transfer personal data

Discover:

  • Discover and classify personal data assets and affected systems
  • Identify access risks, supporting privacy by design

Featured solutions

Security requirements

Assess the current state of your security practices, and identify gaps and design security controls. Find and prioritize security vulnerabilities, as well as any personal data assets and affected systems to design appropriate controls.

Prepare:

  • Assess security current state, identify gaps, benchmark maturity, establish conformance roadmaps
  • Identify vulnerabilities, supporting security by design

Discover:

  • Discover and classify personal data assets and affected systems to design security controls

 

Featured solutions

Privacy requirements

Develop a GDPR roadmap and implementation plan. Use the findings in the assess phase to develop next-step activities and help reduce risk in the enterprise.

Roadmap:

  • Create GDPR remediation and implementation plan

Privacy by design:

  • Design policies, business processes and supporting technologies
  • Create GDPR reference architecture
  • Evaluate controller or processor governance

 

Featured solutions

Security requirements

Design security remediation and implementation plan priorities by identifying personal data asset risks. Include a security reference architecture and technical/organizational measures (TOMs) for data protection, starting with security by design and by default.

Roadmap:

  • Create security remediation and implementation plan

Security by design:

  • Create security reference architecture
  • Design TOMs appropriate to risk (such as encryption, pseudonimization, access control, monitoring)

 

Featured solutions

Privacy requirements

Implement and execute the controls in your GDPR strategy, including policies, programs and technologies. Transform the enterprise to be GDPR-ready.

Transform processes:

  • Implement and execute policies, processes and technologies
  • Automate data subject access requests

 

Featured solutions

Data privacy program design from IBM

Security requirements

Implement privacy enhancing controls such as encryption, tokenization and dynamic masking. Implement required security controls such as access control, activity monitoring and alerting. Mitigate discovered access risks and security vulnerabilities.

Protect:

  • Implement privacy-enhancing controls (for example, encryption, tokenization, dynamic masking)
  • Implement security controls; mitigate access risks and security vulnerabilities

 

Featured solutions

Privacy requirements

Manage your GDPR governance practices through the use of GDPR-specific metrics. Understand how the enterprise is mitigating risks. Begin executive level and board reporting.

Manage GDPR program:

  • Manage GDPR data governance practices such as information lifecycle governance
  • Manage GDPR enterprise conformance programs such as data use, consent activities, data subject requests

Run services:

  • Monitor personal data access
  • Govern roles and identities
  • Develop GDPR metrics and reporting schemas

 

Featured solutions

Security requirements

Manage and implement security program practices on premises and in the cloud, such as risk assessment and mitigation, incident identification, escalation, response, forensics and resolution, personnel roles and responsibilities. Measure, document, and communicate program effectiveness to stakeholders. Monitor security operations and intelligence: monitor, detect, respond to and mitigate threats.

Manage security program:

  • Manage and implement security program practices such as risk assessment, roles and responsibilities, program effectiveness

Run services:

  • Monitor security operations and intelligence: monitor, detect, respond to and mitigate threats
  • Govern data incident response and forensics practices

 

Feature solutions

Privacy requirements

Enhance and refine your GDPR practices, identifying areas of concern and address as necessary. Effectively manage your controller/processor relationships and understand if associated technical and organizational measures (TOMs) are being followed.

Demonstrate:

  • Record personal data access audit trail including data subject rights to access, modify, delete, transfer data
  • Run data processor or controller governance including providing processor guidance, track data processing activities, provide audit trail, preparing for data subject access requests
  • Document and manage compliance program: ongoing monitoring, assessment, evaluation and reporting of GDPR activities

Respond:

  • Respond to and manage breaches

 

Featured solutions

Security requirements

Demonstrate that you have implemented technical and organizational measures to ensure security controls are in place appropriate to processing risk. This includes producing audit reports and documenting metrics to measure progress. Document the security program itself including policies for ongoing monitoring, assessment, evaluation and reporting of security controls and activities. Respond to and manage incidents and breaches, reporting to regulators within the required 72-hour window.

Demonstrate:

  • Demonstrate technical and organizational measures to ensure security appropriate to processing risk
  • Document security program: ongoing monitoring, assessment, evaluation and reporting of security controls and activities

Respond:

  • Respond to and manage breaches

 

Featured solutions

What does GDPR mean to you?

If your organization markets to or processes the information of EU citizens, the GDPR applies to you, whether or not you’re based in the EU. And that means you need to understand and start working on a plan to meet the GDPR data protection requirements now.

See how GDPR readiness goes beyond privacy and security

Learn how IBM can help you respond.

Learn more

Hear from the privacy professionals

Read what IBM Security privacy leaders have to say about GDPR.

Read the blog series

Unleash the transformative power of GDPR

Learn how you can move from preparation to transformation.

Register for the webcast

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.  The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. Learn more about IBM's own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.