Maren Winter -

Fines might help the channel spark more GDPR urgency

A year on from GDPR being introduced and there are plenty of customers not yet totally on top of the data regulations but without any large fines it is hard for the channel to challenge that attitude

There was plenty to think about over the Bank Holiday weekend, including the result of the European parliament elections and the play-off finals, but Saturday also marked the first anniversary since GDPR came into effect.

Since the data protection regulations have been enforced the channel has been largely silent about GDPR because most are waiting to for the first big fine and the wave of concerned customers to then start enquiring about how they can avoid the same fate.

The lack of stick has meant that as the anniversary of GDPR comes round there are plenty of firms still not ready to deal with the full demands of the data regulations. The means there continues to be a sizeable opportunity for those in the channel with the expertise to talk about it.

“The scope of how seriously companies have taken the new regulation still varies significantly. Whilst some businesses have used GDPR to take the step back and challenge themselves as to whether their cyber security capabilities were indeed state of the art, all too many have simply continued as normal," said Greg Day, vp and Chief Security Officer for EMEA at Palo Alto Networks.

“Now we’ve reached the one-year mark it’s a timely reminder for businesses to seriously asses the progress they’ve made in the past year, and the work that still remains to be done," he added.

Around the anniversary some research has been issued from various industry players underlining just how far most customers have to go. One example comes from CybSafe, which found that of the 250 IT decision makers it quizzed on 57% felt they were compliant. That leaves a sizeable chunk keeping their fingers crossed everything is going to be alright.

"GDPR has been an incredibly interesting case study in that everyone thought it would bring modern business to a halt. The EU DPA has focused on raising awareness this year versus handing down harsh fines and businesses are learning how to navigate this new world of increased regulation," said Prem Ananthakrishnan, vp of products, Druva.

The lack of action on the fine front might have taken the urgency out of the sales pitch for some resellers and did leave some in the industry wondering just why the Information Commissioners Office had not gone further.

"One interesting development has been the threat of the 'big bad wolf' ICO blowing houses down with its fines, being less severe than first anticipated. In fact there were several cases where the ICO didn’t charge the maximum penalty of 4% of total global revenue when it had the chance," said Sean Herbert, UK country manager at baramundi.

“If businesses have learnt anything in the last year it is that the EU GDPR is not a black and white issue. Of course, the ICO is here to make sure that both customer data is kept safe and that even if businesses do make mistakes they won’t be crippled by fines – at least not yet. However, there are numerous regulations which businesses need to comply to which go beyond reporting a breach. From ensuring customers can receive their data on demand, to being able to delete the data if there is no valid business reason to keep it, all organisations need to ensure that they understand all the potential principals," he added.

That sense of using GDPR as a spring board to a world of reduced anxiety is widespread and there are some examples of areas where the data regulations have ushered in some positive changes.

Yuval Ben-Itzhak, CEO, Socialbakers, said that GDPR did cause an impact on the way firms reached customers but that had led to more innovation: "GDPR brought privacy to boardrooms and front pages, and made everyone re-think about how they deal with digital data. GDPR was a paradigm shift for many businesses and marketers. Now innovation takes the lead to provide a GDPR-safe business reality, where personalised experiences and new business can still be created without compromising privacy."

Read more on Data Protection Services