As the introduction of the General Data Protection Regulation (GDPR) draws closer, customers are under increasing pressure to prepare themselves for compliance. Channel partners could play a key role helping these companies in their journey.
GDPR aims to drive better transparency in organisations over the data they hold and operate. The law is set to shake up a lot of businesses, as those which do not comply face charges of up to €20 million or 4% of their annual turnover.
However, they should see this as an opportunity rather than a risk, according to Kaspersky Lab’s general manager for the UK and Ireland, Adam Maskatiya.
“There are two sides to it. There’s a cost to it in terms of compliance but there is a huge opportunity in making the right investments to be compliant and using data in a more appropriate way,” he says.
“After the 25th May, we [will] cross the Rubicon, there’s no going back. That is the new reality of how we use data and how [we] uphold people’s rights.”
There are several challenges companies face under the law, and Veritas’ global security lead, Tamzin Evershed, highlights relationship building within the organisation as a challenging but important aspect of compliance.
“You can’t have legal sitting in one room, HR sitting in another, sales sitting in another and IT in another room,” she said.
“Everybody has to talk because data goes everywhere in an organisation and if you’re building a compliance framework, it’s like an ecosystem - if one bit is out, the other bits don’t work.”
Gemalto’s senior director of encryption solutions, Gary Marsden, highlights four main categories for compliance.
“The first thing is going to be discovering and identifying your data. So where is it? Where are you storing it?” he says.
“And then once you’ve gathered the data, then you need to classify it and work out what’s critical and what’s non-critical. Therefore you understand which datasets are going to need to conform to GDPR. And then you need to secure the results, secure that data.”
Marsden adds this is becoming more difficult because of the number of companies that rely on the cloud, as data could be spread across several different areas.
“Data in the cloud [is] very disparate, with storing some in our premises, there’s some in hosted environments, some in virtual environments, some in Azure, or AWS or Salesforce.”
Role of channel partners
Marsden says companies also need to control and audit their data but face a “critical” shortage of personnel with the skills to implement all these changes, which is where channel partners can help.
Veritas’ vice president of EMEA Channels, Jamie Farrelly, also says the channel can help with the skills shortage and guide the customers through the regulation.
“How many customers have the ability to build out a comprehensive plan to move towards a level of compliance without a set of specialist and capable trusted advisers around them to help guide them on that journey?”
“It’s about being involved, having the capability to advise your customer and then being able to build out not only just a technology plan but a wider plan about how you actually integrate that across your organisation.”
Kaspersky Lab’s Maskatiya said partners can also play a key role in providing secure technologies to manage their customers’ data.
“At the core, it’s providing the technology to help get compliance with encryption capability at the end point,” he says.
“So battening down the hatches, making sure that the technology that is used is continually looking for vulnerabilities.”
He adds that partners can also provide technology to deal with the aftermath of a data breach, if it were to happen.
“The tooling and capability itself equips partners with the opportunity to help address that [GDPR] compliance with encryption capability but there are many other services, for example the forensics piece in the event that you are breached, they can help clients on that journey.”
One aspect which partners cannot overlook is the requirement to follow the regulation themselves, to ensure transparency with customers and to provide reliable advice and technologies.
“Everyone is subject to the same scrutiny of the law,” Maskatiya says.
“There’s a very heightened public awareness and dialogue about the importance of data and data privacy so timing is important. It’s in the public consciousness, it’s part of the public debate right now.”
Are SMEs ready?
The Federation of Small Businesses (FSB) released the results of a survey of SMEs in February 2018, which found over 90% of them were not prepared for GDPR. Of the respondents, only 8% said their preparations were completed, whereas 33% said they had not yet started.
Maskatiya says this is down to the mentality of the startups and their false belief that they do not hold valuable data.
“With small business and startups specifically, they have to be aware as they grow, they’ve got to grow and scale processes and practices accordingly,” he says.
“Anyone who’s interacting and collecting data and delivering a service to their clients absolutely has things [that] are of value and need to be protected and secured in the same way. So again it’s about the culture within an organisation.”
Marsden says channel partners can also help to educate SMEs as to how they address the challenges of discovering, identifying and classifying data.
“That’s where the channel can really help their customers to understand what they need to do and understand how they can help them take those first three steps. Understand where your data is and how it’s classified, therefore you can understand the risk profile,” he said.
“SMBs are going to want to do the minimum with the minimum cost and that’s where MSPs [managed service providers] can help them understand how much they can have to invest and how to keep it lightweight but also be able to comply with the legislation.”
With GDPR fast approaching, channel partners are helping customers with advice and technologies to comply, although SMEs in particular may be in a race against time to make this happen.