General Data Protection Regulation (GDPR) support

The GDPR has been adopted by the European Union (“EU”). It establishes a stronger data protection regulatory framework for processing of personal data of individuals, impacts IBM and IBM's client contracts, policies and procedures when handling personal data.

GDPR brings:

New and enhanced rights for EU data subjects
Widened definition of personal data
New obligations for processors
Potential significant financial penalties for non-compliance
Data breach notifications

Note: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

Learn more about IBM's own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.

How does IBM® Emptoris Suite protect my data?

At the platform and infrastructure levels, Emptoris® Suite takes advantage of these IBM security features to help you protect your data:

Separation of duty for support personnel: only a designated group of data center personnel can access the database if needed for support purposes. Every action is logged.
Penetration testing: IBM cloud services undergo penetration testing prior to production release, and are then tested regularly by IBM and authorized independent third parties.
Passwords and authentication, including the use of the IBMid to access the application. Your IBMid enforces password protections and helps safeguard your personal information.

What is Emptoris Suite doing to support your GDPR readiness activities?

Emptoris Suite includes these application-level data separation and security features:

The Emptoris Strategic Supply Management Platform administrator role governs who views and manages user data. Only administrators can view your IBMid.
The IBMid is stored only for the purpose of authenticating your access to parts of the Emptoris Suite.
Upon request, the administrator can delete your user role and IBMid from Emptoris Virtual Supply Master. All occurrences of your IBMid within Emptoris Suite databases will be deleted.

What personal information does Emptoris Suite save, and how can I access it?

Emptoris Suite saves your IBMid, your email ID, organization, role, and some preferences, such as language, currency, and timezone. For more information, you can see the User Management section of the Emptoris Strategic Supply Management Platform Administration guide.

You can access this personal information through Emptoris Virtual Supply Master.