23 Aug Preparing for the GDPR – Part 2: MSP Strategies
By Michael Mittel, CEO RapidFire Tools
As seen in MSPinsights magazine
Part 1 of this blog explored the urgency of the European Union’s new GDPR mandates, which Computer Weekly calls “the first global data protection law,” and how they will impact US companies. Yet savvy MSPs can prepare their end-customers, earn trust as a valued advisor, and open up new business opportunities by implementing strategies around this new development.
Educate your business customers
Many non-European businesses have been reluctant to review the EU GDPR because they’re not even aware it applies to them. As a managed services provider, it’s your role to make your customers aware of the extent of the regulations and their impact on US organizations.
Gather links and resources that will help educate your customers and make sure they comprehend their vulnerabilities under these new compliance regulations. An informative marketing campaign, and/or an online resource center on your web site, will go a long way to generate new dialogs with your customers—which often lead to new business projects.
Stress documentation of compliance through Network Assessments
One of the main statutes of the new regulation dictates the following:
“Those subject to the regulation must prove they are compliant. This is true even if the organization outsources its data processing to a third-party processor, such as a cloud provider.” [TechTarget]
Therefore, organizations need not only to become compliant, but to maintain concrete evidence that they are compliant. Network assessments can provide detailed reports and analysis on exactly what changes a company has made to comply with data protection requirements.
RapidFire Tools has developed specific compliance modules that address regulations, including the HIPAA and PCI compliance mandates in the United States, and is now turning an eye toward GDPR awareness. Along those lines, the company also recently implemented a Data Breach Liability Report, which points out personally identifiable information that is stored on an MSP client’s network, including driver’s license numbers, credit card data, and other personal identifiers.
Create an overall compliance program for your client base
While positioning yourself as a security/GDPR resource, counsel customers on a holistic approach to compliance. In addition to adequate IT security solutions, companies can implement overall policies such as regular staff testing on security procedures, training on recognizing phishing tactics, etc. A review of physical security processes is also helpful, including how data is exposed on company monitors, and whether sensitive locations where data can be accessed are properly locked or restricted from general employees.
Implementation of such measures will help demonstrate that companies have gone above and beyond to protect the personal data of EU citizens on a long-term basis. Such actions factor heavily in a company’s favor in the event of a regulatory audit. They also create a “culture of compliance” throughout an organization that bodes well for long-term adherence, whether to the GDPR mandates or to other regulations such as HIPAA and PCI compliance.
As the gravity of the GDPR begins to take hold beyond the European Union, savvy MSPs will be able to help their customers prepare, supporting the EU’s effort to create a more globally secure technological marketplace.