Sergey Nivens - Fotolia

Channel has to act as if GDPR is still on track

Despite Brexit the security channel is being advised to prepare customers for data protection regulations that are coming out of Europe

Security resellers are being advised to carry on as if all was normal with the forthcoming European data protection legislation and get their customers ready for changes to they way they look after information.

Despite Brexit the prospect of UK companies needing to be in a position to meet the requirements of the General Data Protection Regulation (GDPR) is one that some vendors are expecting will be a reality even if Article 50 is triggered and Britain leaves the EU sometime in 2018.

Encryption specialist Gemalto used the chance to catch up with partners at its London event to stress that it should be very much business as normal.

Phil Holmes, UK channel director at Gemalto, said that it had already seen customers setting aside budget to deal with GDPR and it was urging partners to talk to customers about the regulations now.

"We are continuing to act as if it will be implemented. If you have to implement GDPR then you don't want to wait until you have six months left, now there is more time," he added that anyone who wanted to trade with EU customers would be expected to have met the regulations.

"The building blocks of GDPR will be applicable regardless because they are good security sense," he highlighted encryption and key management as areas that were covered by the regulations but were things that customers should be doing anyway.

Although GDPR has been around as a concept for a while, and the details on it should be published shortly by the EU, Holmes said the channel was still in an education phase with customers.

"We need to be talking to people about it now because we are only a couple of budget cycles away from it and the channel needs to be having derious discussions with their customers," he added.

Gemalto is not alone in advising partners to carry on with plans to get customers up to speed with GDPR and others in the industry are taking a similar view.

“Businesses are not off the hook and should continue to plan for compliance, as they will either have to adhere to these terms or measures that are modelled closely upon those of the GDPR. With regards to trade, the GDPR will still apply to companies that offer services and goods within the EU. Consequently, for businesses to remain competitive and if the UK is going to continue trading with our European neighbours, companies need to make compliance a top priority," said Phil Bindley, CTO at The Bunker.
“Although the full impact of Brexit remains to be seen, the GDPR is not another abstract piece of legislation but was drafted directly in response to the threats that businesses and individuals face today. With the digital economy continuing to grow, having clear safeguards in place should remain at the forefront and the GDPR should continue to be seen as a very welcome regulation," he added.

Some in the channel feel that following the exit from the EU there might well be a different approach taken in the UK, but even then the chances are that data protection laws will be beefed up.

"In order to be able to collect and process data on EU citizens, the UK must be able to prove that the measures it has in place are adequate, which was the reason behind Safe Harbour in the United States," said Colin Tankard, managing director of Digital Pathways.
"Given the current mood in Europe, I don’t see the integration of the GDPR as being an automatic given. It is interesting that the UK has already objected to certain parts of the GDPR, such as the need for many organisations to employ a dedicated data protection officer. Something as seemingly trivial as that could have grave consequences," he added that it would be keeping a close eye on developments.

Read more on Data Protection Services