If your organisation carries out business in the European Union, then you may be aware that your life is about to become a lot more complicated starting in May 2018. That’s when the new EU General Data Protection Regulation (GDPR) will take effect. IBM is positioned to help you develop strategies to address the challenges of the GDPR. Our Pathways for GDPR readiness are phased programme engagement points and cognitive capabilities which can accelerate your journey. This new, stronger regulation will aim to harmonise data protection across all 28 EU Member States. In some cases, it will merely strengthen or enhance specific rights which are already in place under many local data privacy laws, whilst other rights and obligations will be introduced for the first time.
The EU has more than 700 million residents and 26 million active businesses which will be impacted directly by the GDPR. In addition, much of the regulation is expected to apply to the data of individuals from the EEA (but non-EU) member states — Norway, Iceland and Liechtenstein — as these countries will likely standardise on many of the same rules included in the GDPR, once it is incorporated into the 1992 EEA Agreement. (It is currently adopted under scrutiny by the EEA EFTA.1 ) Adding to the complexity is the fact that the GDPR is explicitly stated to be extraterritorial in certain broad circumstances. This means that organisations without a physical market presence in the EU will still be required to comply with the GDPR if the following conditions apply: • The organisation offers paid or unpaid goods or services to individuals located in the EU • The organisation is monitoring the behaviour of individuals within the EU In addition, if you work with suppliers or partners that operate in the EU, they will most likely expect you to comply with the GDPR in order to limit their own risk. Simply put, GDPR compliance will soon be considered a requirement to conduct business in Europe. IBM views the GDPR as a competitive business opportunity, as it may inspire enterprises to adopt unified information governance as part of their core strategy. Unified governance can provide the foundation for success in the digital age. It can be the framework to transform a business by providing insights about what data the business has, where the data is stored, how the data can be used to maximise value and minimise risk, and how to handle the data in a manner that can build trust with individuals.