Is your business ready for GDPR?

Your Personalized Guide to GDPR Readiness

The EU General Data Protection Regulation (GDPR) has a tremendous impact on the way organizations handle data. Use our Guide to GDPR Readiness to determine the steps your company can take surrounding GDPR.


Your personalized guide to readiness is just moments away

With your personalized guide, you will be able to see what critical areas you may still need to address, based on the answers you provide. The report will also save your progress as you complete various steps along the way and serve as a checklist and guide throughout your GDPR journey.

Once you access your report, feel free to bookmark the page and return at your convenience to track your progress.

About GDPR

GDPR aims to harmonize data protection across all 28 EU member states and businesses within the regions. If your organization is active across the EU, understanding and activating initiatives related to GDPR is necessary in order to continue conducting business.


Assess

It’s important to understand your GDPR obligations and assess your organization’s general state of readiness.

Building a roadmap of potential risk and compliance challenges, finding and mapping where all personal data is stored, shared, and collected, and having a team in place to address data privacy concerns are all critical to this step.

Which of the following have you implemented to prepare for GDPR? (select all that apply)

Created a cross-functional GDPR team
Performed a GDPR readiness assessment
Completed a data mapping exercise
Reviewed your privacy policy and statements
Are a signatory to Privacy Shield
Completed a GDPR risk management exercise
Performed detailed personal data discovery and classification
Identified access risks and vulnerabilities

Design

With knowledge of what type of data your organization collects and where across your infrastructure it is stored, it is time to properly design protocols to outline who should have access to what data.

Organizations need to design technical and organizational measures (TOMs) against an appropriate GDPR risk model in order to establish rules for who can view, share, and/or collect personal data.

Which of the following have you implemented to prepare for GDPR? (select all that apply)

Developed your GDPR implementation plan (roadmap)
Completed data protection/data privacy by design
Reviewed access controls
Completed your technical and organizational measures (TOMs)
Enhanced your GDPR-related security requirements
Developed your data incident/breach response and forensic practices

Transform

A critical part of preparing for GDPR is transforming the way your infrastructure handles personal data.

This includes accelerating all personal data discovery processes and increasing the automation of data subject access requests, while ensuring employees handling data are trained and understand the policies associated with specific data.

Which of the following have you implemented to prepare for GDPR? (select all that apply)

Started your GDPR transformation
Started GDPR training
Began your risk mitigation practices
Implemented GDPR-related policies, practices and technologies
Implemented your privacy-enhancing controls
Implemented your security controls

Operate

Organizations are encouraged to consider solutions designed to operate across all circumstances that could be affected by GDPR.

This includes identifying data weaknesses, securing stored data, and establishing proper operations to respond to a data breach in the event of an incident.

Which of the following have you implemented to prepare for GDPR? (select all that apply)

Run controller/processor practices
Run GDPR enterprise conformance programs
Monitored security operations
Monitored protected data access
Managed data subject access requests (DSARs)
Developed and implemented ongoing metrics and reporting

Conform

The ability to document your conformance to GDPR regulations will be crucial to show that your organization is compliant.

With access to proper reporting, your organization should be able to track and identify who accessed personal data, where they accessed it from, when it was accessed, and how. These insights can then be shared with auditors, controllers, and data protection officers to show your compliance status.

Which of the following have you implemented to prepare for GDPR? (select all that apply)

Responded to and managed data incidents and breaches
Refined data subject access request (DSAR) practices 
Refined your GDPR enterprise conformance program
Refined your data processor/controller governance and audit practices
Optimized your security program

How to use your Personalized Guide to GDPR Readiness

Your personalized report has been generated based on your selections. Explore your suggested GDPR to-do list below to learn about each step and discover the ways in which IBM Security can help you on your path toward GDPR readiness.

Be sure to bookmark this page, as doing so will save your progress, so you can return to continue later.

Congratulations!

You’ve finalized your Guide to GDPR Readiness checklist. Well done! However, that doesn’t mean your GDPR journey is complete. Continue to use the checklist below and the details on this page to discover the ways in which IBM Security can help you on your path toward GDPR readiness.

Your Guide to GDPR Readiness


Your Personalized GDPR To-Do List is Ready

Assess

Created a cross-functional GDPR team
Performed a GDPR readiness assessment
Completed a data mapping exercise
Tip: Assess Your GDPR Impact

Conduct GDPR risk and privacy assessments across governance, people, processes, data, and security. Leverage available tools to develop a GDPR readiness roadmap and implementation plan.

Design

Developed your GDPR implementation plan (roadmap)
Completed data protection/data privacy by design
Reviewed access controls
Tip: Design a Plan with Standards

Design governance, training, communications, and process standards across your business. Extend standards across privacy, data and security management.

Transform

Started your GDPR transformation
Started GDPR training
Began your risk mitigation practices
Tip: Transform Your Data Processes

Develop and embed procedures, processes, and tools around customer, employee, and business contact data. Implement personal data discovery, classification, and governance practices according to risk.

Operate

Run controller/processor practices
Run GDPR enterprise conformance programs
Monitored security operations
Tip: Develop A Framework

While there are many changes you may have to make to become GDPR-ready, it’s important to have a framework that helps you execute across all relevant business processes.

Conform

Responded to and managed data incidents and breaches
Refined data subject access request (DSAR) practices
Refined your GDPR enterprise conformance program
Tip: Track Your Progress

Monitor, access, audit, report and evaluate adherence to all your new GDPR standards. Ongoing monitoring and reporting will be critical should you need to properly notify parties of a breach.

IBM Security can help you prepare for GDPR now

We’ve identified a number of offerings that can help address existing needs in your preparedness

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.  The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.