GDPR compliance brings challenge and opportunity for the IT channel
A survey this month from International Data Corporation (IDC) found that fewer than half of European Union (EU) small and medium-sized businesses (SMBs) are prepared for the General Data Protection Regulation (GDPR). For companies operating outside the EU, the percentages are roughly the same.
While IDC’s survey results may sound alarming – especially with enforcement of GDPR compliance just hours away – do they also indicate a possible missed opportunity for IT service providers?
GDPR, designed to protect EU citizens from having their personal data stolen, impacts any business that collects and processes personal data from individuals living within the EU and holds companies financially responsible in the event of a data breach. It imposes new legal requirements, with the onus on companies to prove they have the required data protection measures in place for EU citizens, and will issue fines for non-compliance. Just as malicious security threats and data breaches can disrupt or close SMB operations, GDPR fines may cause similar damage to businesses: breaches of personal data could be subject to a fine of up to 4% of a company’s global revenue or €20 million.
While many small businesses won’t be GDPR compliant on day one, IT and managed service providers (MSPs) are in an ideal position to help SMBs put strong security practices in place and demonstrate actions toward compliance. This is also an opportunity for the channel to act as trusted security advisors to their clients and put the best security tools and programs in place to ensure strong protection.
Avast channel partner Oliver Fritz, owner and managing director of SOTEC GmbH, identified a clear business opportunity to help clients with GDPR compliance and at the same time deliver new value. He explains, “We developed a process called the 3-Step Model that includes a risk analysis of a client’s entire IT infrastructure and an action plan for implementation. We see this as critical for state-of-the-art security and an effective way we can ensure businesses are GDPR ready. For example, our Managed Workplace RMM plays a key role in this process as it provides the ability to quickly perform security assessments across our customer locations, identify security measures needed, and start implementation to improve clients’ security.”
With opportunity comes challenge and we see that with GDPR. GDPR requires ‘state-of-the-art security’ without defining this precisely or spelling out the guidelines to get there. Service providers must understand how their clients’ data is being collected and used so they can properly secure it, but also put measures in place to continually stay ahead of new risks. Putting a checklist in place can reduce the enormity and complexity of the task for clients.
These elements should be on every channel partner’s checklist:
Now is the time for the channel to take a critical role in client security programs. This can lead to improved security for clients but also the ability for service providers to build their business by offering new services and programs. Taking the steps toward GDPR compliance and state-of-the-art security is a win-win for both the channel and clients.
For more information on how to prioritize security in your current services offering and follow best security practices, read our recent blog.