GDPR is Here, Experts Weigh in on What’s Next
The General Data Protection Regulation (GDPR) went into effect on May 25, 2018, marking a turning point for how organizations manage personal data.
KMWorld recently held a webinar with John Bowman, senior principal, promontory formerly GDPR Lead Negotiator, UK Ministry of Justice; Virginia Chinda-Coutts, senior director of data protection, DST Systems; and Jessica Douglas, IBM executive partner, GDPR client services, Europe, who discussed the value of GDPR and good governance for businesses.
Regulators are prepared to focus on enterprises that don’t adhere to these new guidelines, according to Bowman.
Increased staffing and new operational models have been adopted by regulators. The European Data Protection Board (EPDB) Secretariat in Brussels will manage crossborder cases and the operation of the consistency mechanism. WP29 Guidelines have been endorsed by EDPB. And All EU regulators now have the power to issue fines.
Data breaches will be the initial focus of investigations, and significant incidents will involve cross-border cooperation. Transparency and clarity about legal basis of processing will be a focus of attention. Many investigations will be complaint driven. Article 30 records of processing activities will be examined during an investigation – accountability is key.
IBM can help enterprises get ready for GDPR, according to Douglas. The five core areas to get ready for GDPR include:
- Discovery and Mapping Know your relevant data: Understand where personal data resides.
- Records of Processing Activities (Art. 30) Capture your processing activities on personal data and demonstrate progression towards Article 30 readiness.
- Data Subject Access Rights Enable your organization to respond to access requests by Data Subjects within the timescales defined in GDPR.
- Governance and Lifecycle Management Protect Personal Data: Safeguard data by applying anonymization and minimization techniques.
- Manage Consent Help you manage consent of Data Subjects to meet the GDPR standard.
IBM unified governance and integration provides the following benefits for enterprises adhering to GDPR:
- Define, Discovery and Mapping Information Server (Information Analyzer, Information Governance Catalog), StoredIQ, Industry Models w/GDPR content
- Records of Processing Activities (Art. 30) Information Server (Information Analyzer, Information Governance Catalog), StoredIQ, Cognos 11 Admin
- Data Subject Access Rights Information Governance Catalog, Master Data Management, Atlas, StoredIQ, Optim, Case Manager, Watson Explorer
- Governance and Lifecycle Management Information Governance Catalog, Optim Test Data Management and Data Privacy / Test Data Fabrication / Archive, IBM Atlas, StoredIQ for Legal 5. Manage Consent Master Data Management, Consent Mgmt (+ Lab Services)
An archived on-demand replay of this webinar is available here.