This blog was originally published in the IBM Big Data & Analytics Hub on June 5, 2018.
For some time now, IBM has been working with customers as they work towards GDPR compliance, tackling the challenges from industries as varied as telecommunications, financial services, media and manufacturing.
Here are some examples of how companies have prepared for the GDPR and in the process, built a foundation to foster closer, more valuable relationships with customers.
The Coach’s take: When entering the unknown, look to others for guidance. Learn more about IBM’s own GDPR readiness journey, and its GDPR capabilities and offerings.
With the help of IBM, a multinational consumer goods company performed a GDPR readiness assessment to identify essential governance, process, people, data and security initiatives. Then IBM helped define a data privacy officer (DPO) role and made recommendations on how the DPO could be incorporated into the organization. Finally, IBM set out a roadmap of recommended steps to help the company prepare for the GDPR.
The big lesson: GDPR compliance is a cross-functional effort. Does your GDPR compliance plan cover data intake, storage, usage, maintenance and disposal?
Today’s car manufacturers can learn a lot from the data produced by customers using their vehicle’s software-enabled features. This makes the automotive industry highly sensitive to GDPR data protection principles.
An IBM team worked with a leading manufacturer’s marketing, sales and service departments to perform process and system impact analyses, as well as an application audit. The team then worked with legal and business leads and the GDPR program manager to develop a high-level compliance roadmap.
The big lesson: What counts as personal data under GDPR may not appear all that personal on the face of it. In this example, even “technical data” like a vehicle identification number is considered personal. Do you know what it takes to create sustainable, governed data assets for the GDPR and beyond?
Insurance companies often create profiles for customers based on personal data such as job roles, demographics, socioeconomics, health status, hobbies and location.
To get ready for GDPR, one insurer collaborated with IBM to design, implement and manage a three-year GDPR and binding corporate rules (BCR) program. The program included a gap analysis; readiness and remediation; and regulatory, policy and operational support for the insurer and its subsidiaries.
The big lesson: The GDPR journeys undertaken by others have established best practices and services that can also jumpstart GDPR compliance for others. Do you have a clear roadmap for getting ready for GDPR?
For years, banks have been battling the data silos that result from poorly integrated applications. Using the IBM GDPR pathways methodology and a gap analysis exercise, a large UK bank developed solutions to improve data aggregation and risk profile accuracy. Subsequently, the bank used these solution definitions to implement a GDPR roadmap to ready itself for May 2018.
The big lesson: IBM offers an extensive set of data discovery and data mapping tools to help identify and mitigate against data security and access risks. What does a good security GDPR framework look like?
The Coach’s take: Total mastery of all events in a new business environment is impossible. But gaining a level of control over them is within any well-run organisation’s capability.
It is a feature of financial services institutions in general that they collect, store and use vast amounts of personal data to provide services or support decision making. IBM helped one such company define a robust data governance framework for its personal data, then worked to prioritize steps for bringing it to life.
This process involved a data management capability review and defining a customized data mapping methodology to bring the company in line with the GDPR’s records of processing requirements.
The big lesson: It’s crucial to translate GDPR into actions, norms and values. Look at the blog – GDPR: It’s a cultural thing – for more on this.
The customer and colleague protection team at a media firm wanted to better protect their customers’ data and meet GDPR requirements. They were already using the IBM Security® Guardium® solution and realised that this data protection platform should be their GDPR starting point. The company added advanced features to assess vulnerabilities, locate sensitive data and enforce policies. They also expanded the deployment to perform sensitive activity monitoring on an additional 60 database servers.
The big lesson: Help make compliance manageable with a single data protection infrastructure for your entire environment, from databases and big data to the cloud and file systems. How do you find the data you need to protect and the security gaps that need filling?
A European telecom company called on IBM to help update some of its applications to support the GDPR’s 30-day customer data access requests as well as record more explicit consent. IBM served as the primary system integrator, overseeing all GDPR technical implementation work and providing architectural oversight to third-party suppliers.
The big lesson: Modernising data infrastructure and governance can help you both meet GDPR requirements and unlock the full value of your data assets. How can a unified governance approach make it possible to discover hidden business insights?
For more from the ‘Coach’ take a look at the rest of this GDPR series.