In today’s digital world, the issue of data privacy is provoking constant debates, with large corporations and even governments being objurgated for invasions of privacy. According to online statistics firm Statista, only about a third of internet users in the United States are concerned about how their personal data is shared. However, that number is likely to rise as privacy compliance becomes a ubiquitous business concern due to the growing number of regulations formulated to curb the unauthorized access and use of personally identifiable information. The GDPR is one such piece of legislation. No other legislation measures up to the inherent global impact of the EU’s General Data Protection Regulation (GDPR).
Gartner’s prediction that more than half of companies governed globally by the GDPR will not be fully compliant by the end of 2018 has come to fruition. With less than a month to go, a survey of 400 companies conducted by CompTIA found that 52 percent were still assessing how GDPR applies to their business. The research also showed that only 13 percent were confident that they were fully compliant. GDPR will without a doubt be a disruptive force in the global marketplace that cannot be ignored. This presents prodigious business opportunities for MSPs to leverage their experience in network security offerings, class analytics solutions, and their own experiences implementing strategies around this new development.
As an MSP, it makes sense to protect your business from any reputational and financial consequences by becoming GDPR compliant. It is said that charity starts at home; it would therefore be incongruous for an MSP that is yet to achieve full GDPR compliance to offer guidance on the subject. The experience you gain on your journey to compliance will be of great value to both current and potential customers.
Most non-European businesses are yet to establish whether the GDPR will apply to them. For those that are aware, their MSP will likely be the first place they turn to for help, whether it’s to set up reporting tools, work on data encryption, conduct audits, or implement new data management practices. MSPs should ensure that their clients fully understand the extent and impact of the regulations, and prepare them for GDPR. Since they are already aware of their clients’ internal practices and processes, managed service providers are better suited to architect solutions that incorporate GDPR compliance and governance.
MSPs will have to re-onboard clients to make sure their prescribed SaaS offering will meet GDPR requirements. Gather resources and links that can help educate your clients. The use of informative marketing campaigns, or a resource center on your site will help create channels for dialogue – which may subsequently lead to new business projects.
Data is a crucial asset; however, most MSPs know very little about the data their clients possess. The only way an MSP can offer guidance and services related to GDPR is by understanding what data its clients have and where that data is located. MSPs should be ready to make an extra effort beyond protecting business applications to protecting personal data. The only way to accomplish this is by analyzing your clients’ existing data. Through this process, you will be able to identify any security gaps and create customized security offerings to fill them. Additionally, the data discovery will allow you to adjust your pricing accordingly and push your customers towards more secure technologies or sell additional services that mitigate the risks their current business systems present.
MSPs tend to act as virtual CIOs for their customers. In most cases, the line between packaged service and free consultation tends to get blurred. GDPR guidance could easily follow the same track – unless the value you offer is presented as a bundle that can be allotted a price tag. Compliance and security services are a potential gold mine for service providers who have acquired the management expertise to satisfy and simplify the complexities associated with the General Data Protection Regulation. Since having a designated Data Protection Officer (DPO) is a mandatory requirement under GDPR regardless of the size of the company, MSPs can use that as an opportunity to establish a DPO-as-a-service model geared towards SMEs that may lack the resources to recruit costly, in-house compliance staff.
Marketing a compliance culture with transparency builds greater relevance and trust among current and potential customers. Companies looking to achieve full GDPR compliance are likely to align themselves with a service provider that has a demonstrated track record. Publicly documenting your GDPR compliance milestones on blogs, social media and your website confirms your familiarity with the subject. Once achieved, full GDPR compliance will act as a quality standard that can be placed on marketing channels to attract and reassure prospective clients.
As the weight of the General Data Protection Regulation continues to impact the globe, sagacious MSPs will have an opportunity to help their customers prepare and gain incremental revenues while supporting the European Union’s effort to create a digitally secure global marketplace. Despite the current rush to beat the May 25th deadline, compliance isn’t a one-off activity. Companies will always have a budget for comprehensive strategies aimed at achieving and maintaining privacy compliance.
Author: Gabriel Lando