IBM hands greater data controls to clients ahead of looming GDPR deadline

The changes mean advertisers will be afforded greater control and transparency over where their data lives

IBM has made the bold move of giving clients in Europe greater control and transparency over where their data is stored, announcing major upgrades to its central cloud centre in Germany.

Most significantly, new processes will be implemented to ensure access to client data is restricted to and controlled by EU-based IBM employees only. The upgrade will be rolled out in December 2017.

The changes mean advertisers will be afforded greater control and transparency over where their data is stored, who has access to it, and what they can do with this access.

IBM Cloud clients will also be able to review and approve all non-EU access requests to their content if an instance requires support or access from a non-EU based employee.

The precautions comes ahead of the deadline for compliance with the pan-EU General Data Protection Regulations (GDPR) in May 2018. The reform is one of the most significant in years at 200-pages long and formalises concepts like the ‘right to be forgotten’, data breach accountability, data portability and more.

Huge fines of €20m, or up to 4% of global revenues, have been threatened for non-compliance, but a recent study from the Direct Marketers Association (DMA) indicated that one in seven firms aren't prepared.

IBM is implementing its new controls across its full cloud architecture stack, including infrastructure and services like AI, data and analytics. It is also offering round-the-clock staff assistance to European cloud customers.

Advanced encryption capabilities will roll out in the new year, allowing clients to unlock their data on request. The company has said in time the upgrades could also be applied to other markets.

IBM said that while clients' transition to the cloud presented "enormous" opportunities for firms operating in Europe, that the transition also means there is a need for greater responsibility.

The upgrades also come amid a study from the International Association of Privacy Professionals (IAPP) which found that just 41% of firms who aren't yet compliant expect to be so by the 18 May deadline (see chart).

The European Commission estimates that the value of the data economy in the EU can increase to €739bn by 2020. IBM's announcement was made during Dreamforce – Salesforce's annual conference.

Rebecca Stewart

Rebecca Stewart is a reporter at The Drum. Based in London, she writes news, analysis and features around brand marketing and digital innovation. She has interviewed key figures from the likes of Airbnb, Amnesty International, Unilever, Facebook and Spotify, as well as covering international events like Ad Week Europe, Dmexco and Ciclope.

All by Rebecca