IBM has announced new incident response capabilities, from its IBM Resilient security portfolio, to help companies address the new General Data Protection Regulation (GDPR). These capabilities are designed to help clients rehearse, prepare for and manage the new regulations. GDPR, one of the biggest changes in data privacy law in decades, goes into effect on May 25, 2018.
GDPR may require significant changes to the way organizations respond to consumer data breaches. For example, any organization that does business in Europe will have 72 hours to notify the supervising authority and data subject of a breach, or risk being fined €20 million or up to 4 percent of their global annual turnover. A recent Ponemon Institute study found that 75 percent of organizations admit they lack a formal cyber security incident response plan (CSIRP) applied consistently across the organization, meaning that GDPR response could prove to be challenging. 
IBM Security is launching new GDPR capabilities to its Resilient Incident Response Platform (IRP) a year ahead of the 2018 deadline to give organizations time to begin preparing and adapting. New capabilities include:
“GDPR is ushering in some of the most important changes to European data privacy regulations in twenty years, much of it involving policies and documentation that are difficult to improve with technology,” said IBM Resilient CEO John Bruce. “The Resilient Incident Response Platform is designed to help businesses comply with GDPR. It prescribes and can orchestrate people, process, and technology in specific responses to data breaches.”
Most organizations already struggle with responding to cyber incidents. According to another Ponemon study, 66 percent of the professionals surveyed say they are not confident in their organization’s ability to recover from a cyber incident. Moreover, 41 percent say the time to resolve a cyber incident has increased in the past 12 months. 
“GDPR will add a new set of challenges for most organizations,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “Our research shows that most companies globally do not feel confident in their ability to comply with data breach notification requirements. To get ahead of these challenges, organizations should be proactive about establishing processes and owners for ensuring compliance with the new requirements.”
The GDPR-enhanced Privacy Module is designed to reduce the time and complexity of responding to a data breach under the new regulation. For example, a US-based company with customers in Europe and the US could experience a breach that affects customers in Germany and in Massachusetts, California, and New York. Without access to the Resilient IRP, the company would have to know what to do – and who to contact – to comply with GDPR for their German customers, as well as knowing the people and processes involved in complying with the relevant and varying US federal and state laws for MA, CA, and NY.
The Resilient IRP is part of the IBM Security immune system, which helps clients outsmart threats by incorporating the very latest in cognitive, cloud and collaboration technologies.
 Ponemon Institute and IBM Resilient, “The Cyber Resilient Organization” 2016
 Ponemon Institute and Citrix, “The Need for a New IT Security Architecture” 2017