IBM Integrates GDPR Features Into Resilient Incident Response Platform - Page 2

Resilient Systems was founded in September 2011 and was originally known as CO3 until the company changed its name in February 2015. The company was acquired by IBM in February 2016.

Julian said that Resilient has always included data about personally identifiable information (PII) as part of the incident response platform, though GDPR has many specific nuances that are being addressed with the new capabilities. The GDPR Preparatory Guide is a new capability for Resilient and is something that it hasn't done before for other compliance efforts. With the GDPR Preparatory Guide, Julian said there is information and checklists for various GDPR requirements. The guide is tied to the overall Incident Response Platform, providing users with workflows to help make the requirements actionable.

Understanding what is required by GDPR is one thing, actually being prepared to handle a privacy breach notification, under the GDPR regime is another. That's where the new Resilient GDPR Simulation function will come into play, providing organizations with the ability to work through a simulated event to ensure they are prepared.

"A best practise for organizations is to run a simulation every quarter to test out something that perhaps the organization doesn't have regular experience with," Julian said. "In doing so, gaps can be found and the process can be improved, so when a real breach occurs the organization can be prepared."

The Resilient GDPR-Enhanced privacy module further enhances the Incident Response Platform with specific rules for breach disclosure under GDRP. Julian said that different jurisdictions have long had various rules for when a breach needs to be publicly disclosed.

Julian explained that part of the value that Resilient provides provides is to map the breach disclosure regulations of a jurisdiction to the details of a specific incident. As such, a user inputs the number of records that were lost in a data breach, the nature of the data and where the records were stored. Then the Resilient system will make a determination whether or not disclosure is required. It's also important to understand who needs to be notified in the event of a data breach, which is also information that is part of the Resilient system.

Among the biggest risks associated with GDPR is the penalty phase for non-compliance, which can reach to four percent of a company's revenues. Though the risks associated with non-compliance are large, many organizations are still largely unaware of GDRP requirements.

According to a new study from the Data Protection Commissioner (DPC) conducted by Amárach Research, 59 percent of small and medium sized organization were unaware of the large-scale fines that could be imposed for non-compliance with GDPR. A study conducted by Varonis Systems today reported that 75 percent of organizations will struggle to meet GDPR regulations by the deadline, one year from today.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.