IBM Resilient launches GDPR preparedness tool
Written by staff reporter
IBM Resilient has launched a new offering aimed at helping companies address the new General Data Protection Regulation (GDPR).
GDPR may require significant changes to the way organisations respond to consumer data breaches. For example, any organisation that does business in Europe will have 72 hours to notify the supervising authority and data subject of a breach, or risk being fined €20 million or up to 4% of their global annual turnover. A recent Ponemon Institute study found that 75% of organisations admit they lack a formal cyber security incident response plan applied consistently across the organisation, meaning that GDPR response could prove to be challenging.
IBM's new capabilities include a 'GDPR Preparatory Guide' -- an interactive tool that prescribes step by step how you can prepare for GDPR. The guide leverages the flexibility of the Resilient IRP and makes preparation and planning interactive and dynamic. Tasks in the guide can be modified or assigned to more effectively manage the GDPR preparation workflow for the organisation, beyond breach notification. The Resilient GDPR Preparatory Guide covers all aspects of preparation and are captured in detail, making it easier to track and document for the future.
An additional function within the Resilient IRP helps security analysts within an organisation rehearse the actions they may need to take if they experience a breach under GDPR, such as practicing for the 72-hour breach requirement, assessing risk of harm, or communicating with the data protection officer and data protection authority. As part of the simulation, analysts assess a risk as high, medium or low, and follow the steps of engaging with a DPA and notifying the consumers whose data was compromised.
IBM Resilient clients will have access to the database of GDPR-related guidelines and regulations embedded into an incident response platform. GDPR’s extraterritorial provision means that non-EU-based companies that market to or process the information of EU Data Subjects are also affected. Despite this far-reaching impact, the Ponemon study shows that only about half of the 4,268 IT and IT security professionals surveyed have started to prepare for the GDPR regulation.
“GDPR is ushering in some of the most important changes to European data privacy regulations in twenty years, much of it involving policies and documentation that are difficult to improve with technology,” said IBM Resilient CEO John Bruce. “The Resilient Incident Response Platform is designed to help businesses comply with GDPR. It prescribes and can orchestrate people, process and technology in specific responses to data breaches.”