Comply with GDPR

Practical steps to operationalize data privacy compliance across the enterprise.

The European Union General Data Protection Regulation (GDPR) went into effect May 25, 2018, providing enhanced protection and transparency for the personal data of European citizens. The regulation affects all businesses that acquire, store, or process the personal data of individuals in the EU and EEA—including businesses transferring data outside the EU and EEA. The cost of non-compliance is high, with fines of up to €20 million, or 4 percent of a company's global revenue1 and the risk of losing long-term customer loyalty.

Although GDPR compliance poses challenges, it’s an opportunity for organizations to take an intelligent and automated approach to data privacy governance and compliance. Operationalizing data privacy helps you stay competitive and agile as digital transformation initiatives expose more data for analysis and other processes.


GDPR action plan: Partner with Informatica for GDPR compliance

Informatica’s Data Privacy Governance solution for GDPR helps you engage with key functions across business, IT, and data security to govern all types of data—in the cloud, on-premises, and across data lakes—for privacy compliance. Our solution helps you implement reliable and scalable controls by identifying, defining, governing, and mastering data.

Identify and assess data: What needs protection?

For GDPR, the first step is to discover the location and volume of personal data to understand risk exposure across your enterprise. Informatica Secure@Source delivers immediate access to data-driven insights through visualizations and mapping of personal and sensitive data with identities to uncover your potential and high-priority risks. Secure@Source helps you quickly determine, protect, and monitor personal data across data types, including structured and unstructured data, to operationalize GDPR compliance.


Define and govern data: Take a comprehensive approach

To govern your data effectively, you need to bring together business and IT views of data. Informatica Axon Data Governance enables business and IT functions to collaborate by helping to define policies, identify stakeholders, and link data insights to determine in-scope data that is subject to the GDPR. You can assess where you are today, implement policies, and measure results.

Control and disposition data: Prevent unauthorized access

Different individuals across an organization and its ecosystem might have overprivileged access to data. Informatica Data Masking can limit access to personal data based on role and location, while pseudonymizing or anonymizing data for additional protection. With Informatica Secure@Source and Informatica Data Archive, you can purge data as requested by a data subject, produce DSAR reports, or respond to data disposition status when required by audits.


Manage and master data: Get a 360-degree view

For GDPR and CCPA compliance efforts, and particularly for enacting rights, you need to quickly access all the data you hold about a data subject, regardless of the location or system. Informatica MDM – Customer 360 provides an immediate, trusted profile of personal data, its lineage, and its history. With personal data centrally managed from a single location, you can apply subject rights processing consistently and effectively. The Consent Management Accelerator for Customer 360 helps you efficiently associate, consolidate, and manage consents granted by individual data subjects.

Exclusive Content


GDPR Compliance For Dummies


Informatica GDPR Solution


Data Privacy for Dummies

Analyst Report

Bloor InDetail Paper: Informatica Data Governance


Informatica Intelligent Data Privacy

Awards and Recognition

Informatica won two 2018 Info Security Products Guide Silver Awards for Privacy Solutions and New Products & Services.


1Source: EU GDPR l

Compliance with the GDPR will be based on the specific facts of an organization’s business, operations and use of data. This content provides a set of discussion points that may be useful in the development of an organization’s GDPR compliance efforts, and is not intended to be legal advice, guidance or recommendations. An organization should consult with its own legal counsel about what obligations they may or may not need to meet.