A survey this month from International Data Corporation (IDC) found that less than half of European Union (EU) small and medium-sized businesses (SMBs) are prepared for the General Data Protection Regulation (GDPR). For companies operating outside the European Union (EU), the percentages are roughly the same.
While IDC’s survey results may sound alarming – especially with enforcement of GDPR compliance just hours away – does it also indicate a possible missed opportunity for IT service providers?
The GDPR opportunity for the channel
GDPR, designed to protect EU citizens from having their personal data stolen, impacts any business that collects and processes personal data from individuals living within the EU and holds companies financially responsible in the event of a data breach. It imposes new legal requirements, with the onus on companies to prove they have the required data protection measures in place for EU citizens, and will issue fines for non-compliance. Just as malicious security threats and data breaches can disrupt or close SMB operations, GDPR fines may cause similar damage to businesses -- breaches of personal data could be subject to a fine of up to 4% of a company’s global revenue or €20 million.
While many small businesses won’t be GDPR compliant on day one, IT and managed service providers (MSPs) are in an ideal position to help SMBs put strong security practices in place and demonstrate actions toward compliance. This is also an opportunity for the channel to act as trusted security advisors to their clients and put the best security tools and programs in place to ensure strong protection.
Avast channel partner Oliver Fritz, owner and managing director of SOTEC GmbH, identified a clear business opportunity to help clients with GDPR compliance and at the same time deliver new value. He explains, “We developed a process called the 3-Step Model that includes a risk analysis of a client’s entire IT infrastructure and an action plan for implementation. We see this as critical for state-of-the-art security and an effective way we can ensure businesses are GDPR ready. For example, our Managed Workplace RMM plays a key role in this process as it provides the ability to quickly perform security assessments across our customer locations, identify security measures needed, and start implementation to improve clients’ security.”
A channel partner’s security checklist
With opportunity comes challenge and we see that with GDPR. GDPR requires ‘state-of-the-art security’ without defining this precisely or spelling out the guidelines to get there. Service providers must understand how their clients’ data is being collected and used so they can properly secure it, but also put measures in place to continually stay ahead of new risks. Putting a checklist in place can reduce the enormity and complexity of the task for clients.
These elements should be on every channel partner’s checklist:
- Understand and prioritize what type of personal data is collected by clients and how this data is shared, processed, and stored.
- Assess the overall security health of clients’ IT environments to determine what security measures are in place and what is needed for compliance.
- Recommend and prioritize the right services and start implementing.
- Put the right tools and processes in place to ensure you can continually assess and monitor the security health of your client sites.
- Continue to monitor and manage the security of client sites – including performing security health assessments and generating reports of results and actions.
- Be prepared to recover systems quickly and effectively in the event of a catastrophic or unexpected failure.
Now is the time for the channel to take a critical role in client security programs. This can lead to improved security for clients but also the ability for service providers to build their business by offering new services and programs. Taking the steps toward GDPR compliance and state-of-the-art security are a win-win for both the channel and clients.
For more information on how to prioritize security in your current services offering and follow best security practices, read our recent blog.