GDPR: What is the channel’s role?

Much has already been written about the forthcoming European General Data Protection Regulation (GDPR), which is set to come into effect on 25 May 2018. GDPR, which replaces the current Data Protection Directive, is set to have a dramatic effect on how organisations store, secure and manage customer and other personal data.

In a nutshell, the new regulation has been designed to harmonise data privacy laws across Europe and to protect and empower European Union (EU) citizens’ data privacy. Key features include the ‘right to be forgotten’, consumer profiling restrictions, organisations being held accountable for their data and mandatory breach notifications.

In the UK, these rules are incorporated into the proposed Data Protection Bill – a standalone piece of legislation that will ensure the same protections apply here as in the EU, even after Brexit.

But despite the endless coverage and looming deadline, research points to UK firms being woefully unprepared for the new regulation. This is a huge risk, because if they suffer a data breach and are found to be non-compliant, companies face a fine of up to four percent of annual global turnover, or €20 million (£17 million) – whichever is greater.

In addition, Canalys research shows that while large businesses are well informed on information security regulations, with resources in place to ensure compliance, SMBs have fewer resources, placing constraints on implementation.

This is where the channel comes in. GDPR provides an enormous opportunity for VARs, MSPs and CSPs to guide their customers through the potentially complex regulation, while offering a new set of revenue-boosting services.

“Clients will be relying on their providers to help them meet regulations, which is a great opportunity to build on your relationships, all while creating new business with current and potential end users,” says IT trade association CompTIA.

Indeed, at Microsoft Inspire in July, the software company’s president and chief legal officer, Brad Smith, stressed the vital role technology providers will play in preparing customers for GDPR, claiming there was a $3.5 billion opportunity to be realised over the next 12 months.

“The new directive provides a fantastic opportunity for IT channel partners to become experts in GDPR, that can guide their customers through the maze of regulation,” says Michael Frisby, MD of Microsoft partner and cloud service provider, Vuzion.

Elsewhere, IDC predicts GDPR will create a $3.5 billion market opportunity for security and storage vendors – of which the channel will take its share. However, GDPR doesn’t prescribe specific data protection technologies. Instead, it proposes processes, meaning the channel has greater freedom when it comes to vendor solutions.

Frisby says service providers should consider offering GDPR compliance audits, evaluation services and penetration testing. Customers will need to be educated to ensure they are fully up to speed on the new regulations, which is a perfect opportunity for a solution provider to demonstrate its knowledge and provide the necessary training.

The role of trusted advisor is a valued one; channel firms should view GDPR as a fantastic opportunity to strengthen relationships with existing customers and create new business with potential new customers that are currently in the dark over the new regulation.

Christine Horton

Christine has been a tech journalist for over 20 years, 10 of which she spent exclusively covering the IT Channel. From 2006-2009 she worked as the editor of Channel Business, before moving on to ChannelPro where she was editor and, latterly, senior editor.

Since 2016, she has been a freelance writer, editor, and copywriter and continues to cover the channel in addition to broader IT themes. Additionally, she provides media training explaining what the channel is and why it’s important to businesses.