How Trend Micro Is Embracing the GDPR

Unwavering commitment to security

With DNA rooted in security, we operate in over 50 countries around the world, including in regions like Germany and Japan, where data privacy regulations have historically been some of the most rigorous in the world. And with the introduction of the GDPR, Trend Micro’s focus on security and data protection continues to be a top priority, underpinning the commitment to evolve our already strong security policies across all operating regions.

A holistic approach to GDPR Readiness

As part of our GDPR compliance journey, we worked with internal and external subject matter experts, independent auditors, and consulting partners, while also referencing multiple checklists from the UK Information Commissioner’s Office (ICO) and other EU regulatory organizations. This thorough approach helped us ensure that we covered all areas of the regulation and have all necessary activities and processes in place to protect our – and your – data.

Our GDPR journey

As a leader in cybersecurity, our approach to data privacy is comprehensive and holistic, and we are now leveraging the GDPR to become a baseline level of security across the globe – this is not just an EU initiative for Trend Micro. Demonstrating this commitment to data privacy, we touched many parts of the organization to ensure that wherever data resides, we know about it and treat it appropriately. 

Awareness and education are fundamental to any program focused on security. As a part of our focus on protecting customers’ data and complying with the GDPR, we have provided training across our organization and ensured clear communication to maximize awareness, including:

  • Executive awareness and sponsorship (CFO, CIO, VP Legal, VP Finance & Operations Europe)
  • Appointment of a dedicated project leader with authority to recruit SMEs and ensure timely delivery of requirements
  • Global education of Trend Micro employees
  • Ensuring our partners and customers are aware of the GDPR and what it means through webinars, conferences, and one-to-one meetings

In order to protect data, you need to know what and where it is. Integral to our compliance journey was assessing the data we have across the company and its composition as well as putting in place measures to ensure ongoing knowledge of all new data entering the company. This process included activities like:

  • The completion of a comprehensive, global data mapping exercise across the organization
  • Updating existing policies and processes to ensure:

  • Revised and updated product offering readiness for GDPR, including product data collection information
  • Up-to-date customer, partner, and supplier agreements that address the requirements of the GDPR

We have refined our best practices for the proper use, access, and management of data.

  • Revised policies around data protection by design across the organization
  • Updated breach management policies to reflect the 72-hour notification requirement under GDPR 

The GDPR requires a new enterprise security role – the Data Protection Officer (DPO). The DPO is responsible for overseeing data protection strategies and meeting GDPR compliance requirements.

  • Trend Micro has appointed a new EU Data Protection Officer, Lianne Harcup
  • Maintaining our existing external DPO for Germany as per current requirements