Technology Reseller - issue 3 - page 38

COMPLIANCE
Are you GDPR-ready?
Paul Reynolds outlines three steps resellers should take to ensure they are ready to
support their customers when GDPR comes into force
Security breaches will be front of mind for all organisations this year, especially as data breaches hit an all-time high in 2016, up 40% on the previous year. No sector is safe – organisations across the board, including Vodafone, Tesco Bank and DCNS, have been affected, and it’s irresponsible to assume that you or one of your partners won’t be hit in the future.

Next year organisations will have more to worry about when the EU General Data Protection Regulation (GDPR) comes into force. This makes organisations accountable for the security of their customer data – any breach and they could be facing fines of up to €20 million or 4% of their global turnover, whichever is greater. If the Tesco Bank hack from last November occurred on or after May 25, 2018, it could have attracted fines of up to £1.9 billion.

The wider repercussion of GDPR is that it will change the way businesses work with one another and how they use technology — regardless of sector or customer base. Channel partners that play a critical role in advising their customers on technology investments need to be proactive and informed to ensure that both they and their customers are prepared.

So, what can you do to ensure that you are GDPR-ready? Below I have outlined three steps that provide a good starting point:

1. Learn about the regulation and evaluate data access and users.

Before GDPR, customer data protection laws hadn’t changed since 1995, back when there were very few mobile phones and portable computers and no tablets, smartphones or USBs. As a result, legislation at the time didn’t cover data held by these technologies. With GDPR imminent, you must anticipate that the way you interact with your business technologies will change.

Do your due diligence and learn about how the regulation applies to the way you operate your business. A good place to start is the ICO’s resource page for GDPR, which is regularly updated. Ensure that you understand the details around data portability, accountability, governance and the requirements for data protection officers. This knowledge will help you pinpoint which technology touchpoints, data access and user permissions you will need to investigate further.

Having a thorough understanding of GDPR, its requirements and sanctions will give you the background knowledge needed to progress successfully through the other steps, to evaluate your current data protection framework and to give your customers well-informed advice.

2. Outline and adopt a plan for data processing and protection.

Once you have a better understanding of GDPR, you can pinpoint where you need to invest in new technology, partners and relevant hires (e.g. data protection officers) in order to be compliant. You will need to put in place a timeline for when new structural or internal regulatory changes need to take place.

A large part of becoming GDPR-compliant is the adoption of data encryption strategies and tools to protect your customers’ data. One of the biggest blind spots for organisations is breaches caused by missing hardware, such as laptops. Employees who store and transport sensitive customer data on unencrypted laptops can cause costly information leaks and security breaches should the laptops get into the wrong hands.

Secure hardware-based encryption is key and a stark contrast to the no encryption or software-based encryption approach that was previously used by organisations. To comply with the regulation, it’s important to protect all information stored on corporate devices at the hardware level. One of the easiest ways to do this is to replace vulnerable hard drives (which offer little or low-grade encryption) with faster and more secure solid state drives (SSDs) that are better able to protect sensitive data against hacks, loss and theft by encrypting the data directly on the SSD.

Planning and executing a robust strategy to ensure you are GDPR-compliant will set a positive example for your customers and could highlight where they themselves face challenges and opportunities.

3. Inform and educate employees and customers.

Throughout the process, you must be transparent with employees and customers and make them aware that you are taking steps to become GDPR-compliant. The deployment of new regulations or technology will not be a success unless everyone in the organisation is aware of the changes and how they are affected by them.

In doing this, you will begin to create a new corporate culture that values data security and protection. At the same time, informing customers about your GDPR strategies will help initiate conversations about how they can meet their requirements.

Huge regulatory shifts like GDPR can present opportunities to re-evaluate your and your customers’ applications, architecture, security procedures and more. Investing time to become more knowledgeable about GDPR and going through the process of devising and implementing a compliance strategy of your own will make you a more valuable partner to your customers.

Paul Reynolds is North Europe Manager at memory and storage specialist Crucial.