Measuring GDPR's impact on unified communications

A person drawing charts on a clear markerboard.
(Image credit: Bigstock)

Cyber security threats are real and pervasive in today's world. With businesses face everything from a 'simple' data breach to targeted identity theft, enterprises have a range of issues to contemplate as they build out their unified communications (UC) networks to best meet their needs.

Currently, legal requirements like the European Union's (EU) General Data Production Regulation (GDPR) are driving urgency for European-based enterprises to secure UC networks using products and services procured through channel partners.

GDPR fundamentally transformed the way data is handled across every sector, including healthcare and banking. This has affected everything from how personal data is held, to rights of access, data portability and even privacy. Plus, since it came into force on 25 May 2018, organisations that aren't compliant face the prospect of heavy fines.

This affects not only organisations located within the EU, but those operating outside too if conducting business or monitoring the behaviour of EU citizens. GDPR also applies to companies holding and processing personal data of these citizens, regardless of location.

GPDR has shifted the dialogue

GDPR is by its nature very complex. From an enterprise perspective, this encompasses personal data on a customer, personal data on an employee, data from a voice system, how a call is made, and pretty much any sensitive information existing on any system. This also extends to how the information is stored, where it is stored, how long it is stored and when it is purged.

The new laws have seen conversations between the channel and businesses move on from a traditional return on investment (ROI) discussion to one based on becoming GDPR-compliant as quickly as possible. Channel partners recognise GDPR needs to be at the front-and-centre. If voice platforms are involved, for example, discussions now include how and why these systems can be compliant with data protection laws, and how it will save money so businesses have no need for auditors to certify GDPR compliance.

Many channel partners and value-added resellers (VARs) are putting together GDPR packages, combining both software and services and aligning the customer conversation around compliance. The sales cycles should be shorter by leading with GDPR, given the urgency and mandate of the regulatory requirements, as opposed to generalised cyber security discussions that do not typically have clear and present definitions or concrete costs.

Within this environment, channel firms moving incumbent customers to the cloud are also selling secure and GDPR-compliant systems as a service in a two-pronged approach. Voice is more of a commodity, with savvy customers shopping maintenance and service contracts every year to optimize price.

Bundling in multi-vendor UC monitoring services provides something different, 'sticky' and with more added value than a strictly vanilla voice service. When customers use and become accustomed to management, network assessment, monitoring and analysis tools to provide better insight and faster troubleshooting, switching voice services on price becomes more difficult.

Compliance may become more complex in future

In the ongoing move to the cloud, larger service providers such as Amazon and Salesforce, along with smaller CRM services, are gaining market share by bundling in customer relationship management (CRM) with voice via strategic partnerships with Avaya and others. This offers GDPR compliance while including applications to deliver on what major enterprise buyers are looking for.

From a voice and network perspective, the vast majority of businesses are going through a channel partner for a UC solution. It's rare to find a customer building a voice solution themselves, but some need to because they're sitting on an antiquated voice system. These customers need to invest in a new system as soon as possible or pay premiums for a high-quality maintenance contract to keep their legacy systems in operation.

Compliance may become more complex in future, with Brexit still yet to take its full effect. Data now residing in the UK may need to be stored physically elsewhere in Europe, while the overall expected impact on UK businesses is still unclear.

Regardless of its effects, organisations will still have to adhere to GDPR principles under the banner of the UK's Data Protection Act 2018. Channel partners have a significant opportunity here in providing GDPR-compliant UC systems currently in demand. Providing these packages and services are far more concrete and near-term need over the more abstract cybersecurity discussions with longer sales cycles.

Shane Hosey is senior vice president with Nectar