With the new European General Data Protection Regulation (GDPR) due to come into force in May 2018, data privacy is becoming a topic that can no longer be ignored.
I was therefore quite dismayed at the outcome of the recent Dell survey on the GDPR in which, with just 18 months to go until the data privacy law is tightened, more than 90% of organizations say that their existing practices will not satisfy the new GDPR requirements. In view of this, there’s undoubtedly a huge opportunity for service providers to support their customers in this specific domain with a tailored offering.
But even if the GDPR wasn’t on the horizon, data privacy should concern all organizations because – based on what is happening in the market – consumer privacy is becoming increasingly important. According to a Deloitte study, 80% of consumers ‘somewhat to strongly agree’ with the statement that they are more likely to buy a product from companies which they believe protect personal data. In that sense, data protection is no longer just a risk management issue, but has also become a business consideration. For certain organizations, guaranteeing their customers’ data privacy will even be the new unique selling point (USP).
Gearing up for data privacy
Although I believe that decision-makers will put more emphasis on data privacy in the coming years anyhow, the new GDPR is an important nudge in the right direction. As the regulators also regard data as a valuable asset, the rules will be tightened.
The basic principles of the GDPR are not new, but are rather just an elaboration on the existing 1995 European Data Protection Directive. However, since more than 80% of the Dell survey respondents say that they know little – if anything – about the GDPR, I’ll take this opportunity to highlight the four key elements that are changing:
1. Higher penalties for non-compliance
The high fines for non-compliance – up to 4% of an organization’s annual global turnover – will be a wake-up call for companies across all industries. Violating data privacy rules can have a severe business impact. Actually, in Europe, the only other area with a comparable level of fines is competition law.
2. Responsibility for data leaks
Organizations will bear the burden of proof when it comes to whether, in what way and how well they protect personal data. Furthermore, they are obligated to report data leaks within 72 hours, unless it can be demonstrated that the data leak does not pose a threat to the personal information collected. This implies that organizations have to know exactly how they gather their data, how they protect it and how they process it. Given that, according to the DellEMC 2016 Global Data Protection Index, 36% of organizations have lost data as the result of a security breach this year, this is without doubt a huge challenge.
3. Greater transparency
The GDPR will force organizations to consider their data from a data privacy point of view throughout their whole supply chain, from research and development to production and marketing. Data mapping will be essential because consumers will have the right to data portability. In other words, the new law will compel organizations to create more transparency about data and data transfers, whereby they will have to transfer the data to third parties in a commonly used format if the customer so requests. This is aimed at improving consumer convenience, for example when switching to a different telecom company.
4. Putting the customer first
The new regulation aims to give consumers back control over their data. Today, consumers can already ask for their personal data to be deleted, but the GDPR enhances this right with the so-called ‘right to be forgotten’, including online. For many organizations, the ‘right to be forgotten’ feels like the hot potato of the new regulation. Erasing someone’s profile is easier said than done for an organization running multiple IT applications and a virtualized infrastructure.
The role of the service provider
Dell’s survey on the GDPR – which reveals that organizations lack general awareness of the requirements of the new regulation, how to prepare for it, and the impact of non-compliance on data security and business outcomes – demonstrates that service providers can still contribute a lot in this market.
Nearly all companies (97%) say they don’t yet have a plan for when the GDPR comes into effect in 2018, so why not help them by offering Data Privacy-as-a-Service? By providing your customers with a cloud-based out-of-the-box toolset you can really add value and propel them forwards.
Personally, I would even be willing to bet that back-up and archiving will evolve the same way as computing has done and will become a mature external service provider offering.
The GDPR will create a lot of new needs, and service providers are extremely well positioned to meet them with an as-a-Service offering. Take for example the companies that will be obligated to employ a data protection officer (DPO). System integrators and resellers could offer this as a service without much effort.
Besides that, access management will become an increasingly important functionality. To comply with the GDPR, employees and contractors must have the correct access authorization to enable them to do their jobs. By providing the right access management technologies, service providers can facilitate this level of control.
Furthermore, deploying next-generation firewalls, achieving full visibility over email activity and facilitating secure mobile access to reduce the exposure to cyber threats or data breaches could also all be part of the offering.
So, my advice is to strike while the iron is hot. The market is ready, and this is a unique opportunity to support your customers in a complex domain that has the potential to seriously impact their business. Besides that, for service providers – especially those with advanced cloud offerings – data protection is already at the top of the agenda. Sharing your knowledge with your customers in a comprehensive offering is a good way of showing them that you care. Let’s be smarter together!