How Trend Micro Is Embracing the GDPR

Unwavering commitment to security

With DNA rooted in security, we operate in over 50 countries around the world, including in regions like Germany and Japan, where data privacy regulations have historically been some of the most rigorous in the world. And with the introduction of the GDPR, Trend Micro’s focus on security and data protection continues to be a top priority, underpinning the commitment to evolve our already strong security policies across all operating regions.

A holistic approach to GDPR Readiness

As part of our GDPR compliance journey, we are working with internal and external subject matter experts, independent auditors, and consulting partners, while also referencing multiple checklists from the UK Information Commissioner’s Office (ICO) and other EU regulatory organisations. This thorough approach helps us ensure that we cover all areas of the regulation and have all necessary activities and processes in place to protect our – and your – data.

Our GDPR journey

Our approach to data privacy is comprehensive and holistic, leveraging the GDPR to become a baseline level of security across the globe – this is not just an EU initiative for Trend Micro. We have touched many parts of the organisation to ensure that we are ready for May 25, 2018.

Awareness and education are fundamental to any program focused on security. As a part of our focus on protecting customers’ data and complying with the GDPR, we are committed to providing training across our organisation and ensuring clear communication to maximise awareness, including:

  • Executive awareness and sponsorship (CFO, CIO, VP Legal, VP Finance & Operations Europe)
  • Appointing a dedicated project leader with authority to recruit SMEs and ensure timely delivery of requirements
  • Global education of Trend Micro employees
  • Ensuring our partners and customers are aware of the GDPR and what it means through webinars, conferences, and one-to-one meetings

In order to protect data, you need to know what and where it is. Integral to our compliance journey is assessing the data we have across the company and its composition as well as putting in place measures to ensure ongoing knowledge of all new data entering the company. This process includes activities like:

  • A comprehensive, global data mapping exercise across the organisation
  • Updating existing policies and processes to ensure:

  • Revised and updated product offering readiness for GDPR
  • Up-to-date customer, partner, and supplier agreements

We are diligently working on refining our best practices for the proper use, access, and management of data.

  • Revised policies around data protection by design
  • Updated breach management policies to reflect the 72-hour notification requirement

The GDPR requires a new enterprise security role – the Data Protection Officer (DPO). The DPO is responsible for overseeing data protection strategies and meeting GDPR compliance requirements. To that end, Trend Micro has the following positons:

  • Existing external DPO for Germany as per current requirements
  • New Global Data Protection Officer appointed by May 25, 2018