IBM Security Launches New Capabilities to Help Clients with Impending EU General Data Protection Regulation

IBM (NYSE: IBM) has announced new incident response capabilities, from its IBM Resilient security portfolio, to help companies address the new General Data Protection Regulation (GDPR). These capabilities are designed to help clients rehearse, prepare for and manage the new regulations. GDPR, which goes into effect on May 25, 2018, is one of the biggest changes in data privacy law in decades.

GDPR may require significant changes to the way organizations respond to consumer data breaches. For example, any organization that does business in Europe will have 72 hours to notify the supervising authority and data subject of a breach, or risk being fined €20 million or up to 4 percent of their global annual turnover. A recent Ponemon Institute study found that 75 percent of organizations admit they lack a formal cyber security incident response plan (CSIRP) applied consistently across the organization, meaning that GDPR response could prove to be challenging.[1]

IBM Security is launching new GDPR capabilities to its Resilient Incident Response platform (IRP) a year ahead of the 2018 deadline to give organizations time to begin preparing and adapting. New capabilities include:

  • Resilient GDPR Preparatory Guide. An interactive tool that prescribes step by step how you can prepare for GDPR. The guide leverages the flexibility of the Resilient IRP and makes preparation and planning interactive and dynamic. Tasks in the guide can be modified or assigned to more effectively manage the GDPR preparation workflow for the organization, beyond breach notification. The Resilient GDPR Preparatory Guide covers all aspects of preparation, which are captured in detail, making it easier to track and document for the future.
  • Resilient GDPR Simulation. A new function within the Resilient IRP helps security analysts within an organization rehearse the actions they may need to take if they experience a breach under GDPR, such as practicing for the 72-hour breach requirement, assessing risk of harm, or communicating with the Data Protection Officer (DPO) and Data Protection Authority (DPA). As part of the simulation, analysts assess a risk as high, medium or low, and follow the steps of engaging with a DPA and notifying the consumers whose data was compromised. The Ponemon study also found that the top barrier to cyber resilience is insufficient planning and preparedness; GDPR simulations can help reduce this barrier.
  • Resilient GDPR-Enhanced Privacy Module. IBM Security added GDPR regulations to its global privacy module and will continue to update it so that once GDPR becomes enforceable on May 25, 2018, IBM Resilient clients will have access to the database of GDPR-related guidelines and regulations embedded into an incident response platform. GDPR’s extraterritorial provision means that non-EU-based companies that market to or process the information of EU Data Subjects are also affected. Despite this far-reaching impact, the Ponemon study shows that only about half of the 4,268 IT and IT security professionals surveyed have started to prepare for the GDPR regulation. [1]

"GDPR is ushering in some of the most important changes to European data privacy regulations in twenty years, much of it involving policies and documentation that are difficult to improve with technology," said IBM Resilient CEO John Bruce. "The Resilient Incident Response Platform is designed to help businesses comply with GDPR. It prescribes and can orchestrate people, process and technology in specific responses to data breaches."

Most organizations already struggle with responding to cyber incidents. According to another Ponemon study, 66 percent of the professionals surveyed say they are not confident in their organization’s ability to recover from a cyber incident. Moreover, 41 percent say the time to resolve a cyber incident has increased in the past 12 months.[2]

"GDPR will add a new set of challenges for most organizations," said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. "Our research shows that most companies globally do not feel confident in their ability to comply with data breach notification requirements. To get ahead of these challenges, organizations should be proactive about establishing processes and owners for ensuring compliance with the new requirements."

The GDPR-enhanced Privacy Module is designed to reduce the time and complexity of responding to a data breach under the new regulation. For example, a US-based company with customers in Europe and the US could experience a breach that affects customers in Germany and in Massachusetts, California, and New York. Without access to the Resilient IRP, the company would have to know what to do - and who to contact - to comply with GDPR for their German customers, as well as knowing the people and processes involved in complying with the relevant and varying US federal and state laws for MA, CA, and NY.

The Resilient IRP is part of the IBM Security immune system, which helps clients outsmart threats by incorporating the very latest in cognitive, cloud and collaboration technologies.

About IBM Resilient
IBM Resilient's mission is to help organizations thrive in the face of any cyberattack or business crisis. The industry's leading Incident Response Platform (IRP) empowers security teams to analyze, respond to, and mitigate incidents faster, more intelligently, and more efficiently. The Resilient IRP is the industry’s only complete IR orchestration and automation platform, enabling teams to integrate and align people, processes, and technologies into a single incident response hub. With Resilient, security teams can have best-in-class response capabilities. IBM Resilient has more than 200 global customers, including 50 of the Fortune 500, and hundreds of partners globally. Learn more at www.resilientsystems.com.

About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 35 billion security events per day in more than 130 countries, and holds more than 3,000 security patents. For more information, please visit www.ibm.com/security.

1. Ponemon Institute and IBM Resilient, "The Cyber Resilient Organization" 2016
2. Ponemon Institute and Citrix, "The Need for a New IT Security Architecture" 2017
