Gartner Blog Network

GDPR Requires IRM For Fast and Effective Response

by John A. Wheeler  |  September 14, 2018

This week, Gartner hosted its annual Security & Risk Management Summit in London and the buzz at the event centered on the new risks associated with the General Data Protection Regulation (GDPR). The discussion was fueled by the recent cyber attack experienced by British Airways (BA). BA disclosed the data breach just prior to our event and it was headline news in London throughout the week.

To summarize, BA’s data breach involved roughly 380,000 customers who transacted on BA’s websites from late August through the first week of September. Given the GDPR requirement to disclose data breaches within 72 hours of discovery, BA had little time to understand the potential impacts of the breach. As a result, its disclosure was vague and left many customers guessing what to do in the wake of the breach. What is most concerning now is the potential for a GDPR fine, which can range up to 4% of annual revenues or, in BA’s case, £500 million. It’s no wonder that CEOs consider risk management one of their top priorities in 2018 (see figure below).


No longer will organizations have the luxury of taking as much time as they want to disclose, and when they do disclose, accuracy is paramount. To respond quickly and effectively, an integrated risk management (IRM) approach and toolset is required. IRM links enterprise risk management (ERM), operational risk management (ORM) and IT risk management (ITRM) so that response can be coordinated quickly among a range of stakeholders while utilizing a robust risk management data set (see figure below).


In my one-on-one interactions with attendees at the London Summit, everyone agreed that IRM is the solution and must be a priority for organizations in this new world of GDPR. To learn more about IRM, check out my latest research (Gartner subscription required) or read my blog posts (for free!) at the Gartner Blog Network.



John A. Wheeler
Global Research Leader - Risk Management Technology
9 years at Gartner
30 years IT Industry

John A. Wheeler is global research leader for risk management technology solutions and professional services. His areas of specialty include integrated risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler.
