mixmagic - stock.adobe.com

What’s that in the cloud? Some answers to save you from GDPR

Now that companies have got distributed databases and mobile workforces with a bring-your-own-deviousness-to-work policy, most companies have problems with GDPR. Here’s some technology options for solving them

Like all forms of grief, there are five stages of GDPR. Denial, anger, bargaining, depression and acceptance.

As with any form of change, many of us rubbished the idea of GDPR at first. Do you remember thinking, ‘good grief, why don’t they just leave me alone?’ The IT industry is like a circus that you really regret joining. Instead of assuming the role of strong man, fireless fire-eater or agile trapeze artist, as they promised, you end up being a performing poodle, constantly being made to jump through fiery hoops by some self important loud mouth.

Anger doesn’t even begin to capture the spirit engendered by all those creepy unsolicited GDPR inspired emails, all from people you’d never dream of meeting, with some schmaltzy message about how sorry they are to see you go. Still, we got through that.

I think we might be moving into the bargaining phase now though. There are all kinds of companies offering services to solve the problems created by this over bearing legislation.

One of the visionaries in this area is Paul Tarantino, ex of Sun Microsystems, who started ConsentEye, a service to banish the GDPR nightmares that all companies face. As a cloud service, this is affordable even to SMEs and ConsentEye is looking for channel partners.

ConsentEye’s business logic is that some companies spend £15m on building a system that can protect them from doing something illegal with all the client information they have. That DIY solution costs a fortune and takes years. The data is held on too many systems (from CRM to HR, risk management to marketing, email to Excel) and used by too many departments on too many devices. Getting the consent of customers to use their data is an expensive time consuming nightmare.

ConsentEye identified two main challenge facing companies that want to do it themselves. Firstly, the data discovery tools available are rubbish and secondly there is no formal system of consent management on the market. So it built one, so that nobody else has too. The service provider is constantly refining the system, so why should companies try to do it themselves?

The omnipotent ConsentEye sits in the middle of all these multiple sources and sees everything. It’s a cloud service, so its online in weeks and grows bigger with each mouse click.

Having created this simple sales proposition, ConsentEye wants a channel of consultants and systems integrators to sell it. They’re about to get venture funding for a channel push, according to Tarantino. The new channel director, Adrienne Kirk, is looking for consultants who want to ear money from referrals or white labelling the service themselves.

Like ConsentEye, Target Group has built a GDPR problem-solving services using technology from database vendor Information Builders. They are also looking for channel partners. Their target market is the enterprises, whereas ConsentEye is more SME focused.

Again, the sales argument is pretty obvious. A bank could spend £2m and take two years to develop a system that stops its employees before they unwittingly make GDPR infringements for using client data without their consent. Target, which took 18 months to build its first system, has now done it so many times they are a long way down the road to perfecting the art. According to them they have honed their craft to the point that it takes them three months. So reseller partners can give clients a system in a fraction of the time at a fraction of the price and still take plenty of profit margin.

Both ConsentEye and Target have built their cloud services on technology from Information Builders which, as a forty year old company, is Jurassic. It was always more of a direct sales organisation, but now it has appointed Pat Bernard as its senior VP of global channels and alliances. In other words, her remit is to recruit sales partners. Can they convince partners to join a company best known for selling direct?

“It’s all about incentivising and compensating the sales team, so they want to push everything through the partners,” says Bernard. The target markets are health, financial services and local government, and the right partners familiar with the lingo of each of these sectors. “The world is vertical now. We need people who can speak their language,” says Bernard.

The main target of the Information Builders channel strategy will be to achieve really good communications so that all efforts will be synchronised.

Talking of synchronisation, at the other end of the modernity spectrum, Hoptroff provides atomic clocks that are setting the pace for blockchain systems and GDPR compliance.

Its founder Richard Hoptroff spotted another gap in the time-space continuum that could cause a massive rift when they start dishing out compliance punishments.

Very few of the systems in place on the cloud have accurate enough time keeping systems. But without synchronising every computer in any particular cloud to fractions of a millisecond, the audit trail for all transactions will be hopelessly out of whack. This puts all financial service providers in contravention of Article 25 of MIFID 2, a scary set of regulations that runs to 1000 pages. A friend of mine was summonsed to New York to face a tribunal over a disputed trade, where he faced a grilling from barristers whose intelligence is so ferocious they’re worth $750 an hour. He said it was the most stressful experience in his life. Hundreds of other IT managers could have their feet held to their fire over GDPR and MIFID 2. That’s the horrible secret those Fintech start ups don’t want you to know.

Most server clocks aren’t that much better than wrist watches, warns Hoptroff CEO Simon Kenny. They will drop milliseconds, which puts the Time Stamping of an audit trail completely out of kilter. Your clients would need universal time on every server in your supply chain, but an atomic clock will cost $15,000 a pop.

Or, you could sell them a managed atomic time service from Hoptroff, which is triplicated by three synchronised atomic time keeping beasts in different parts of the world. You, the resellers of this service, would be saving the client $300,000 at least, so I imagine there is plenty of profit margin in there somewhere.

“GDPR will be vastly expensive to comply with,” says Kenny, “we can stop companies falling foul of the regulators.”

Let’s hope we skip the depression phases of GDPR grief and get straight onto acceptance.

Read more on Enterprise Storage Management