When it comes to privacy, technology is only part of the story

In the next two years the biggest growth area for the channel will be ensuring small and medium businesses (SMBs) can meet privacy regulations.

GDPR didn’t end on the 25 May, it just started. And in about 6 to 7 months the European Union’s ePrivacy Regulation will no longer be provisional it will also become a mandatory obligation.

In both cases, as readers will already know, these legislative requirements extend to any company who stores, manages, processes EU citizen data, irrespective of whether they are in Japan, India or Benelux.

It’s not just about technology

We tend to think of meeting GDPR and the ePrivacy Regulation as mainly having the right technologies in place. This is wrong. A firewall doesn’t ensure GDPR compliance; neither does an intrusion detection system. Of course technologies play a vital role in meeting these mandatory requirements but they are only components in what is an overarching drive to ensure privacy and protection of data.

At TrustArc we’ve been in the business of providing privacy for 21 years. I’m not blowing a trumpet and saying how great we are, but consider this; for 21 years we have sold direct. The channel was something we considered, but the timing did not seem right. But last year we started going through the channel.

Why? In simple terms we want to be everywhere; India, Japan, the UK, France, Germany, Italy, the Nordics and so on. Why do we want to be everywhere?  Are we driven by delusions of grandeur and an obsession with power? Of course it is not. It’s because thousands and thousands of smaller businesses, that is those with up to 250 employees, are going to be driven by the need to meet privacy obligations and we want to ensure we can reach them all.

‘Experts’ walk away clutching cash

The big boys have already by and large nailed GDPR because they have the resources. But smaller companies see it as a headache and have visions of hard-earned profits being sucked out of the business like oil spurting out of a broken pipeline.

They have good reason to be wary too. The GDPR is very complicated and it takes people with extensive privacy expertise to understand the requirements and design a solution that meets the needs for each business based on its particular situation.

There are privacy experts in the channel though, whether managed service providers, VARS, system integrators and consultancies. We’re also talking to and engaging with lawyers who are real experts in this area and have a minute but detailed knowledge of the legislative requirements.

Privacy experts – the real deal

Dovetailing this understanding with the expertise of privacy-aware channel players ensures a security blanket for SMBs that is sweepingly comprehensive and watertight. But it’s not about selling in technologies; it’s about developing cost-effective services that in a sense can be rented out to SMBs as a service.

For instance one of the requirements for GDPR is the need for a data protection officer (DPO) who essentially has full responsibility for compliance and who must also ensure that internal processes are safeguarding data.

Ask any of the large enterprises about their DPO and they will smile big shiny smiles and tell you all is in order. Ask a SMB and their brow will likely furrow with disconcertion. If you listen carefully you also may hear the sound of grinding teeth, however, if they receive a cost-effective DPO as-a-service they too will end up offering big shiny smiles.

Business will grow and grow

The technologies to offer these privacy technologies as-a-services already exist. The only requirement is that channel players truly understand the legislative privacy requirements and can position themselves as real experts.

This is the biggest and sustained long-term opportunity for our growing number of channel partners in a long time, and as auditors begin to put companies under their scrutiny it’s a business opportunity that is going to grow and grow.