7 GDPR readiness success stories to inspire any company

Distinguished Engineer and Security CTO, IBM

In a series of blog posts, IBM is offering coaching to get businesses into shape so they can thrive in the new data era.

For some time now, IBM has been working with customers as they work towards GDPR compliance, tackling the challenges from industries as varied as telecommunications, financial services, media and manufacturing.

Here are some examples of how companies have prepared for the GDPR and in the process, built a foundation to foster closer, more valuable relationships with customers.

The Coach’s take: When entering the unknown, look to others for guidance. Learn more about IBM's own GDPR readiness journey, and its GDPR capabilities and offerings.

Cross-functional collaboration at a consumer goods company

With the help of IBM, a multinational consumer goods company performed a GDPR readiness assessment to identify essential governance, process, people, data and security initiatives. Then IBM helped define a data privacy officer (DPO) role and made recommendations on how the DPO could be incorporated into the organization. Finally, IBM set out a roadmap of recommended steps to help the the company prepare for the GDPR.

The big lesson: GDPR compliance is a cross-functional effort. Does your GDPR compliance plan cover data intake, storage, usage, maintenance and disposal?

A car giant gets its GDPR house in order

Today’s car manufacturers can learn a lot from the data produced by customers using their vehicle’s software-enabled features. This makes the automotive industry highly sensitive to GDPR data protection principles.

An IBM team worked with a leading manufacturer’s marketing, sales and service departments to perform process and system impact analyses, as well as an application audit. The team then worked with legal and business leads and the GDPR program manager to develop a high-level compliance roadmap.

The big lesson: What counts as personal data under GDPR may not appear all that personal on the face of it. In this example, even “technical data” like a vehicle identification number is considered personal. Do you know what it takes to create a sustainable, governed data assets for the GDPR and beyond?

A 3-year GDPR roadmap for an insurer

Insurance companies often create profiles for customers based on personal data such as job roles, demographics, socioeconomics, health status, hobbies and location.

To get ready for GDPR, one insurer collaborated with IBM to design, implement and manage a three-year GDPR and binding corporate rules (BCR) program. The program included a gap analysis’ readiness and remediation; and regulatory, policy and operational support for the insurer and its subsidiaries.

The big lesson: The GDPR journeys undertaken by others have established best practices and services that can also jumpstart GDPR compliance for others. Do you have a clear roadmap for getting ready for GDPR?

UK bank reduces reduces GDPR risk exposure

For years, banks have been battling the data silos that result from poorly integrated applications. Using the IBM GDPR pathways methodology and a gap analysis exercise, a large UK bank developed solutions to improve data aggregation and risk profile accuracy. Subsequently, the bank used these solution definitions to implement a GDPR roadmap to ready itself for May 2018.

The big lesson: IBM offers an extensive set of data discovery and data mapping tools to help identify and mitigate against data security and access risks. What does a good security GDPR framework look like?

The Coach’s take: Total mastery of all events in a new business environment is impossible. But gaining a level of control over them is within any well-run organisation’s capability.

Governance in the financial sector

It is a feature of financial services institutions in general that they collect, store and use vast amounts of personal data to provide services or support decision making. IBM helped one such company define a robust data governance framework for its personal data, then worked to prioritize steps for bringing it to life.

This process involved a data management capability review and defining a customized data mapping methodology to bring the company in line with the GDPR’s records of processing requirements.

The big lesson: It’s crucial to translate GDPR into actions, norms and values. Look at the blog – GDPR: It’s a cultural thing – for more on this.

A media business protects its customers’ personal data

The customer and colleague protection team at a media firm wanted to better protect their customers’ data better and meet GDPR requirements. They were already using the IBM Security® Guardium® solution and realised that this data protection platform should be their GDPR starting point. The company added advanced features to assess vulnerabilities, locate sensitive data and enforce policies. They also expanded the deployment to perform sensitive activity monitoring on an additional 60 database servers.

The big lesson: Help make compliance manageable with a single data protection infrastructure for your entire environment, from databases and big data to the cloud and file systems. How do you find the data you need to protect and the security gaps that need filling?

European telco brings apps up to date

A European telecom company called on IBM to help update some of its applications to support the GDPR’s 30-day customer data access requests as well as record more explicit consent. IBM served as the primary system integrator, overseeing all GDPR technical implementation work and providing architectural oversight to third-party suppliers.

The big lesson: Modernising data infrastructure and governance can help you both meet GDPR requirements and unlock the full value of your data assets. How can a unified governance approach make it possible to discover hidden business insights?

With the help of IBM, each of these companies got ahead of the game on their GDPR readiness. Their experience can help guide others. Learn more by exploring the IBM GDPR readiness journey and its GDPR capabilities and offerings.

For more from the ‘Coach’ take a look at the rest of this GDPR series.

Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.