- Microsoft partners are well placed to help customers adapt to the GDPR
- Are you letting your customers know about how you can help?
- We’re here to help Microsoft partners talk about their expertise in GDPR
By the time you read this, the EU’s new General Data Protection Regulation (GDPR) will be less than one year away. The GDPR comes into effect on the 25th May 2018, replacing the UK’s current Data Protection Act. The GDPR introduces some significant changes for businesses over the day-to-day responsibility for data protection: from its jurisdiction to the severity of fines for non-compliance. The GDPR has a much wider territorial reach than current regulations, affecting any company that deals with the personal data of EU residents. Meanwhile, non-conformity and data breaches can result in fines of up to €20 million or 4% of your business’ global annual turnover—far exceeding the £500,000 fine in place today.
These changes, combined with the relatively short amount of time left to adhere to them, have meant that the vast majority of businesses aren’t ready for the GDPR. However, many Microsoft partners are well placed to help their customers navigate the compliance minefield.
Knowledge is power
While the GDPR will most certainly present a challenge for organisations, there also lies an opportunity for smart Microsoft Partners. For example, if your business specialises in data protection—whether through protection software, management policies or user training—you are well-positioned to inform companies about (and ultimately help them avoid) the GDPR’s huge fines.
And here at Fifty Five and Five, we have written countless blogs, whitepapers, eBooks and magazine articles for Microsoft Partners who want to tell the world about their GDPR expertise.
Make your expertise heard
Because we work exclusively with Microsoft Partners, we understand the variety of products and services they offer. So when it comes to GDPR compliance, we know about the technologies and services you sell that can bolster your customers’ security.
Specialise in Governance & compliance?
Accountability and transparency over personal data have always been implicit requirements of data protection laws, but the GDPR is focused on raising their significance. Businesses are expected to employ comprehensive governance measures proportionate to their size, as tools like Privacy Impact Assessments (PIAs) will become a legal requirement and businesses must not just comply, but demonstrate compliance. The demonstration may include adopting data protection policies, implementing data minimisation and pseudonymisation, or appointing a Data Protection Officer (DPO).
We can write about how your business can help customers ensure data doesn’t go missing or get accessed by the wrong people, deploying relevant and powerful governance and compliance policies to keep customers safe from the wide compliance net of the GDPR.
Offer data protection software or services?
There is, of course, no ‘fix-all’ when it comes to software that can guarantee complete security of your customers’ businesses. But deploying a set of tools to secure content holistically is your next best bet. Tools like firewalls, internet gateways, and malware protection defend personal data around the clock, while managed security services like secure configuration and access control take the security burden off your customers’ shoulders.
We can detail which security measures will be the most applicable to your customers, as well as the required steps to save them from a potential data breach and its associated financial and reputational damage.
Offer user training or GDPR compliance certifications?
Technology aside, addressing the ‘human’ aspect of compliance is just as important. Human error is at the heart of most data breaches, and that usually stems from a lack of understanding or misuse of IT. The good news is that these are easily fixed. Training your users about personal information, individuals’ rights, consent, and documentation will all provide practical experience to employees in the tools they use every day. The sooner they can get training done, the less nervous your customer will be when the GDPR comes around.
We can spread the word that you help customers become compliant and stay compliant. The latest security technology is made redundant if employees don’t know how to use it properly; user training ensures security best practice becomes constant.
The first (and perhaps biggest) step towards GDPR compliance for your customers is awareness. We can write a ‘GDPR overview’ blog post/whitepaper/e-book to inform your audience of the regulation’s details:
- What is the GDPR?
- When is it coming?
- Who and what does the regulation apply to?
- What do you need to do to prepare?
Introductory-level content like this will not only help your potential customers get fully up to speed with the GDPR, but can also let them know that you’re aware of, and prepared for, the changes come May 2018.
One year and counting
97% of companies currently don’t have a plan in place to implement the new law. There’s only one year left before the GDPR comes into effect, and so you are perfectly placed to help customers implement a plan to adapt to the GDPR. So, are you ready to let them know?