Light Dark
December 16, 2016 By Cathal O'Donovan 2 min read
Cloud Security
Data Protection

In December 2015, the European Union (EU) announced a framework designed to combine the various data protection laws throughout the region. The General Data Privacy Regulation (GDPR) impacts many industries, from coffee shops to football clubs. It essentially affects any institution that retains personal information, especially businesses that store or handle data in multiple countries. In this digital age, our end users could be anywhere.

New Challenges Under the GDPR Compliance Regulations

Preparing for the GDPR compliance regulations is a companywide challenge, not just for the ops and compliance teams. The regulation will broaden the scope of what qualifies as personal and sensitive information when it takes effect in May 2018, requiring security teams to review how they store and encrypt this data. Additionally, companies will be required to produce copies of any customer data it collects upon request.

Under the GDPR, companies must report data breaches to the Supervisory Authority (SA) within 72 hours. This will require chief information security officers (CISOs), chief technology officers (CTOs) and legal teams to review or create processes and procedures and adopt new technologies. To remain compliant with the GDPR, IT leaders must equip their security ecosystems with effective identity and access management (IAM), encryption, log management and incident management tools.

Preparing for the GDPR

To prepare for the GDPR, executives, employees and managers must understand how it impacts operational practices at every level. Cloud operations managers must determine what personal data they are currently storing, where it lives, how it flows within the organization and how it is secured. Determine how personal data is shared and whether third parties will need to access it.

It’s important to review all data retention schedules, cross-border data transfers and privacy notices. IT managers should also work with the lines of business to review data subject consent and choice mechanisms. Then they determine how to respond to access, correction and erasure requests.

Organizations must take these steps as soon as possible or risk paying up to 4 percent of their annual revenue for violating the GDPR compliance regulations.

Read the Interactive Solution Brief: Ready, Set, GDPR

 |  |  |  |  |  | 
Cathal O'Donovan
DevOps Manager, IBM

More from Cloud Security
January 22, 2025

2024 Cloud Threat Landscape Report: How does cloud security fail?

4 min read - Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force…

January 8, 2025

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature