By Nick Harshbarger, SentryOne
Have your clients expressed concern about how to comply with the latest data privacy regulations — particularly the General Data Protection Regulation (GDPR)? More to the point, are they concerned about your ability, as a Managed Service Provider (MSP), to ensure compliance with ever-increasing data privacy regulations? The complexity of navigating these new regulations represents an opportunity for you to add value for your clients by advising them on best practices and implementing optimal solutions in the data systems you manage to ensure compliance.
GDPR affects nearly every company that offers goods or services to, or monitors the behaviour of, people in the European Union (EU), regardless of where the company itself is based. Adopted in April 2016, GDPR (Regulation (EU) 2016/679) is the EU regulation that governs how organizations process personal data. Although it is enforced by EU supervisory authorities, its reach is worldwide, and compliance has been mandatory since May 25, 2018.
So how do these regulations affect you and your clients? And what tools are available to help you with compliance?
Protecting Personally Identifiable Information
The most important obligation MSPs have is the security and protection of the personal data held in the systems they manage. (US-centric frameworks call this Personally Identifiable Information, or PII; GDPR's definition is broader and covers any information relating to an identifiable person.) The next two most important obligations are data protection by design and by default, and the reporting of data breaches.
Data protection by design and default sounds complicated, but the idea is fairly simple. "By default" means that only the personal data necessary for each specific purpose is processed: this applies to the amount of data collected, the extent to which it is processed and analyzed, the length of time it is stored, and how many people can access it. "By design" means that safeguards such as pseudonymisation and access controls are built into a system when it is designed, rather than bolted on afterwards.
Under GDPR, a data controller has only 72 hours from becoming aware of a personal data breach to report it to the supervisory authority. A processor, which is what an MSP usually is, must notify the affected controller without undue delay so the controller can meet that deadline. There are substantial consequences for non-compliance, and transparency is a key component. Getting your business into compliance requires cooperation, well-defined data collection and processing practices, and the right technology to make the changes as seamless as possible.
How To Become Compliant
A clever way to think about GDPR compliance is like the personal goal of getting your body fit: It’s a lifestyle change, not a one-time accomplishment. You can’t forget about GDPR once you’re compliant; it takes continual work to maintain. Here are some critical steps to maintain your “GDPR fitness level”:
As an MSP, you are usually a data processor under GDPR's definitions: you may not collect the personal data, but you store, process, and analyze it on your clients' behalf. That role carries direct obligations of its own, including a written contract with each client that sets out the processing, records of the processing you carry out, appropriate security measures, and prompt notification of the client when a breach occurs. Make sure your systems are always audit-ready and take steps to protect the data you hold; it is ultimately your clients' data.
Once your organization becomes compliant, consider offering GDPR assessments and remediation in your portfolio of services. Share your newfound knowledge with your clients and expand your expertise. Make sure all current and prospective clients know you’re GDPR compliant and their data is both safe and protected.
Data drives our world, and we want our data to be safe and secure. Whether you're a channel partner in the EU or you handle the personal data of people in the EU, it's imperative your company becomes GDPR compliant. Just like any other lifestyle change, finding an approach that works and sticking with it is the key to success.
About The Author