momius - stock.adobe.com
In the year up until its arrival at the end of May it was almost impossible to have a conversation with a security or data expert that did not touch on GDPR, but since its arrival there has been little said about the data regulations.
It would be a mistake to mistake silence for and end of opportunity and if anything this is the calm before the storm as customers wait to see what will happen to those who fall foul of the regulations first.
To find out just how GDPR had impacted Forcepoint, both internally and externally with its channel partners, MicroScope posed some questions to Neal Lillywhite, VP EMEA channel at the security specialist.
Q. GDPR dominated most of the headlines over the past 18 months but what did it mean for Forcepoint as a business?
GDPR is reshaping companies’ approach to privacy and data protection. However, it is very much a set of guidelines—not prescriptive rules – so when starting out it’s hard to say exactly what that shape will be at the end of the process. To us, it was therefore vital that we treaded carefully and aligned processes, strategy and technology to meet regulations and customer needs.
Communication and collaboration is crucial and as a business we wanted to bring together departments from across the organisation to make sure that regulation was implemented seamlessly – something that presented its challenges. Whether it’s HR, Legal, Procurement, RnD, we all have different perspectives and roles to play but communicating at an early stage allowed us to troubleshoot problems. For us, GDPR meant that we learned more about our own business – from where personal data was stored and how it was being used to developing unique processes to provide extra protection without locking down productivity to simply the differences in interpretation of GDPR’s key terms by different departments.
Q. Did you feel that it was important to have gone through that process to be able to talk about GDPR from a position of personal experience?
Yes, as a company in the cybersecurity space it was important that we went through the process of becoming GDPR compliant and were able to share our expertise with our customers. Every company will have their own version of GDPR planning and will experience challenges with compliance, however privacy and data protection are none negotiable and we work with our customers to make sure they understand where their data is, who is accessing their data and can mitigate the risks accordingly. Our own experience allowed us to put together a blueprint of three steps to consider and the technology that would be needed to complete those steps that we can share with customers.
Q. What do you say to those customers and partners that have paused GDPR efforts to sit and wait to see what happens when someone gets caught in a breach?
While our customers are beginning to understand the impact of a data breach under the GDPR regulation, we continue to reiterate the importance of protecting customer and employee data and the implications of a breach on both brand and bank balance.
Businesses can no longer put their heads in the sand. Data breaches are a reality and it’s not a question of if, but when another company will be hacked. GDPR is there to provide protection for customers, employees and brand – and you have to remember, if you’re not GDPR compliant, that says to outsiders that you are likely not protected. This isn’t something that is going to make you attractive to customers – but it will make you a good option for cybercriminals to try their luck. If you’re waiting to see what happens when someone gets caught in a breach, don’t forget that the “someone” could be you.
Q. Is there going to be an opportunity in Q4 for the channel to revisit the themes of GDPR and help customers improve data protection?
GDPR is here to stay, so the opportunity for the channel to provide counsel and support will extend well beyond Q4. Processes implemented by businesses in order to become and remain GDPR compliant should now be viewed as best practice, so it is now up to the channel to make informed and intelligent recommendations on the best services and solutions for customers to invest in. This will not only ensure that their compliance is sustainable but also provide the opportunity for these customers to build on and improve these practices to further strengthen their position.