Interview with Reiner Egeler of IBM

2020-03-30, by Julia Bialek, Head of GDPR Conference, EIPS

Today, we would like to introduce Reiner Egeler, GDPR Leader DACH at IBM, who already gave a speech at the GDPR+1 conference last year and will play an active part at our GDPR+2 Online Conference, too.
Thank you for answering some questions in advance and for a brief introduction.

Mr. Reiner Egeler, could you briefly introduce yourself to us?

Last year I had the pleasure to speak at the GDPR+1 conference. The speech looked at GDPR from the point of view of a global US-based company - IBM. One year on, it is great to see how, all around the world, GDPR is helping to influence other data privacy regimes.

1. To what extent has data protection influenced the corporate culture of your company or of your clients?

At IBM, we have a deep-rooted understanding that privacy is foundational to trust. We were one of the first companies to appoint a Chief Privacy Officer, to develop and publish a genetics privacy policy, to be certified under the APEC Cross Borders Privacy Rules system and to sign the EU Data Protection Code of Conduct for Cloud Service Providers. We approached GDPR in the same spirit and took a bold decision to use GDPR as a guideline for data protection regulation across the entire corporation.

2. What was the biggest challenge for your company or your clients when implementing the GDPR?

At IBM we have built our business on trust. Therefore, when it came to GDPR, IBM had a head start. But there are always challenges such as the categorization of personal information (PI). Take, for example, the data generated by your car. When connected with you – the driver – this data becomes PI. The same could apply for any piece of equipment in the hands of a human being. What is/isn’t PI is a constantly moving target, which is why having a privacy-by-design approach throughout the organization is advantageous.

3. What was the most important lesson you or your clients learned in the course of the practical application of the GDPR?

I think we all learned that to be compliant with GDPR is not a one-off project! It needs to go beyond regulation. Looking after people’s data should be seen as a core responsibility for every organization that handles it - protecting it from data breaches as well as business models. All organizations that handle data should have the utmost respect for the levels of privacy and security required as defined by the owners of that data.

Thank you for the interview, Reiner Egeler.