The General Data Protection Regulation (GDPR) is fully
enforceable, and hefty financial penalties are hitting those who do not meet the
requirements. Yet as a managed service provider (MSP), you may still be unaware
of the full implications. Many mistakenly believe that GDPR impacts only
consumer internet companies. In reality, any MSP with clients who deal with EU
resident data is required to comply.

There is good news. The current atmosphere is not just one
of avoiding fines, but one of opportunity. As many companies are scrambling to
meet GDPR requirements, MSPs and value-added resellers (VARs) can play an
important role as partners. By helping your customers navigate the soon-to-be
implemented regulations, you can not only offer protection with compliance, but
can work towards building long-term relationships that outpace competition.

Getting an Edge With GDPR Compliance

Meeting GDPR requirements is no trifle. Data
storage, erasure processes, access and availability are all strictly regulated.
Given the complexity, many small and medium businesses will likely require
external help to deal with compliance. This opens new opportunities for MSPs.
By educating your business customers on the extent of the regulations and on
how they will affect everything from business procedures to documentation
requirements, and by creating an overall compliance program, you empower your
customers to take a holistic approach to securing data.

Having a solid game plan for GDPR is not only a defensive
strategy to hold onto existing customers, but also an offensive strategy to win
new ones. In the years ahead, GDPR compliance will be one of the top criteria
in picking a new vendor or in continuing a relationship with an existing
vendor. Hence, any MSP that doesn't comply will not only fail to win new EU
customers but also risk losing existing customers as they scale.

How to Handle GDPR as an MSP

As a first step, you should develop a high level of
awareness on GDPR’s specific requirements and how they pertain to your
customers. For example, start by identifying customers who deal with any
EU-related user data and understand what services are impacted by GDPR.
Providing customers with resources on how to best prepare can serve both ends.

GDPR entails regulations that go beyond simply securing user
data, including user consent, breach notification, right to access, right to be
forgotten and data portability. Digging a little deeper, a "right to
access" means that EU citizens will enjoy the ability to request access to
any information companies possess relating to them, while a "right to be
forgotten" allows them to request the deletion or anonymization of any
data companies possess relating to them. And similarly, "data
portability" requires that companies provide a copy of data for use
elsewhere. These are all areas where an MSP may be involved in meeting the new
requirements.

Simultaneously, you need to ensure your own
compliance by closely examining the regulations. For example, if you host any
EU-related user data, you are likewise required to meet all GDPR requirements.
Under the new law, you will be classified as a "data processor" if you
handle any personally identifiable information (PII) of EU citizens. While this
sort of data processing had previously been covered under contracts, GDPR
overrides contractual agreements and puts liability back on MSPs and other
service providers.

GDPR Compliance as a Long-Term Strategy

GDPR is expected to have longevity and other countries might
follow with similar regulations. Therefore, now is the time to consider making
long-term investments in both tools and training for your team. Instead of
focusing on temporary band-aid solutions, consider migrating to a stable
GDPR-compliant platform that is committed to supporting current and evolving privacy
regulations.

Instead of looking at GDPR requirements as a hassle to be
dealt with, view the features provided with compliance as value-adds
to both your existing and potential customers.