By James Bergl - Director, Datto, Asia-Pacific
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, changing the way that both the private and public-sector handle personal data related to EU individuals. The introduction had far-reaching implications for businesses worldwide, forcing us to think differently about how we handle and store data.
A lot has happened since that time, and Managed Service Providers (MSPs) in Asia and the world-over have taken steps to not only comply with the regulations, but also capitalise on them.
To find out more, we asked MSPs across the globe about what they have learned since the introduction of GDPR.
Here’s what they said:
1. Be the compliance expert!
According to GDPR consultant and founder of Assuredata, 75% of GDPR compliance hinges on training, process procedures and policies. MSPs can offer greater value to their clients by helping them to navigate this tricky landscape, positioning themselves as the ‘expert’ and digging deep to really understand client businesses. IT Complete Manager, Jess Symondson, points out: “Mapping out a client’s business will present deeper insights into their data management, which in turn enables you to offer tailor-made solutions.”
2. Understand your client’s security framework
GDPR signalled the need for businesses of all shapes and sizes to change the way they manage and store data, whilst also underlining the need for businesses to ensure they have the best possible solutions in place to protect their data. For MSPs, this meant making sure they are offering clients robust security and back-up solutions to cover all bases in the event of any issues. To do this effectively, step one should be understanding your clients’ business and security requirements. Craig Atkins, IT specialist and Founder and CEO at 1-Fix, suggests MSPs begin by taking a look at their clients’ network and security set-up to evaluate what they can do to better protect their data. “Without communicating this to your customers, they won’t know what they need and won’t actively reach out to ask for it,” he said.
3. Educate clients to build trust
Attaining GDPR compliance may seem like a great reason for clients to upgrade to next-generation firewalls, stronger email encryption or more robust business continuity and disaster recovery solutions, however, the financial implications of upgrading can be a hard sell for clients. This makes education crucial so that clients understand what they need and why they need it, in line with GDPR requirements.
MSPs told us that thinking ‘outside of the box’ when it comes to educating clients and potential clients is a great way to do this, for instance by setting up online courses and forums to help with questions around GDPR. UK-based IT support services provider Mirus told us how by setting up GDPR academies they were able to generate new business leads. “These academies are open to everyone, creating a great opportunity to reach our prospect base and offer the right education,” said Mirus’ Director, Dan Sharp.
4. GDPR is about investing for the future
Businesses today are entrusted with an unprecedented amount of personal data, which needs to be kept secure and sacrosanct. Companies that fail to safeguard personal data will lose customer trust quickly.
MSPs therefore should help clients understand that falling in line with GDPR is about investing for the future. By demonstrating they care about their customers’ privacy, businesses continue to build goodwill and trust with their clients, which can make a real impact on their bottom lines.
Ultimately, GDPR will cost businesses money, but it’s a worthwhile investment. David Prince, President and CEO of managed IT services company Databranch suggests helping clients and potential clients understand this investment by using the following analogy: “Ask would you go skydiving without a reserve parachute?”