May ’18. It sounds like some sort of historical date – a bit like May ’68, but without the student protests and marches. May ’18 is all about data – personal data – and the deadline is strict. In just a few weeks, all organizations who engage in data processing activities involving a European Union (“EU”) resident, including those based overseas doing business in the EU, must comply with the new EU General Data Protection Regulation (“GDPR”). While companies welcome GDPR as a means to better protect their customers, this new regulation will have a significant impact on all businesses.
Although you cannot flick open the pages of a trade magazine without being confronted with articles on GDPR, many companies may not yet be prepared for GDPR compliance. Forrester Research claims that 80% of companies will not be ready in time, and risk huge fines as a result. The reason behind this lack of readiness is often linked to ROI, as the business value of a GDPR project is not immediately clear. I think the new European rules need not be seen as a cost only, without added value. I tend to view GDPR as a huge opportunity for all European businesses in general, and Service Providers in particular.
Europe leads the way
Privacy has come under great scrutiny lately, and EU-based data subjects hold a firm belief that it is a fundamental human right to be protected. I am convinced this stance on privacy will spread throughout the world, and similar regulations will soon be imposed in other countries. The EU is setting a great example here. As The Economist states in its April 5th edition, “America rarely looks to the bureaucrats of Brussels for guidance. But when it comes to data privacy, the case for copying the best bits of the European Union’s approach is compelling.”
Secondly, assuring data security also further strengthens an enterprise’s cybersecurity stance. By better safeguarding a company’s data assets, the overall awareness of cyberdefense will increase. And in the modern age, with the exponential growth in both the number of attacks and their complexity, spending the right amount of attention on prevention and risk mitigation is never a wasted investment.
Catching the next wave
Some people compare GDPR to Y2K, but the difference here is that the work involved in creating and maintaining GDPR compliance is an ongoing process. May 25, 2018 does not have the same end game as January 1, 2000, where systems either stalled or simply carried on. This year marks only one milestone in a much longer campaign focused on security, privacy and data protection. Business around GDPR will continue to come in waves.
The second half of 2018 is very important, as European data protection authorities will be monitoring the GDPR compliance of companies that engage in data processing activities involving an EU resident’s personal data. Even those Service Providers who have not yet developed a GDPR services offering should get ready for the next stage. To be a trusted Service Provider, they will need to become part of an ecosystem where complementary partners put their building blocks together: advisory firms, legal specialists, cloud service providers and, of course, vendors like Dell EMC – with our supply of data protection and security related offerings, such as Isolated Recovery Solution.
To successfully overcome the hurdles imposed by this often frustrating but highly important new regulation, solid preparation is essential. The best GDPR strategy centers on first getting your own house in order, learning from that experience, and then offering your services and know-how to external customers.