Prepare Your Customers for a Harsh GDPR Reality
A new regulation could have major implications for channel partners and their customers.
The General Data Protection Regulation (GDPR) will take effect next year and potentially involve your clients’ data. A technology expert will inform partners about how to mitigate this problem at the “Preparing Customers for a Harsh GDPR Reality” education session on Sept. 26 at Channel Partners Evolution in Austin, Texas.
Gary Southwell, vice president and general manager of CSPi’s product division, spoke to Channel Partners about what his talk might sound like.
The transcript has been edited for clarity.
Channel Partners: What is the GDPR and why is it important?
Gary Southwell: On May 25, 2018, the General Data Protection Regulation (GDPR) will go into effect, requiring any company housing European citizen data, including those not based in Europe, to adhere to its regulations or face lawsuits and fines that can go as high as 4 percent of revenue – or 20 million euros, whichever is greater. To be compliant, companies must be able to protect personal EU citizen data from unauthorized access and use. This law gives EU citizens the ability to control how their personally identifiable information (PII) is being used regardless of where it is housed.
Should a breach occur, it must be reported within 72 hours, including disclosure of breach impact concerning the extent of records exposed. U.S. directives allow EU citizens to join in class-action lawsuits against any U.S. company that does not comply with GDPR regulations. Most breach insurance policies will not pay if companies are not compliant with applicable laws.
CP: What is a significant effect of GDPR?
GS: GDPR forces a complete change in the process in which companies detect, verify, scope and report breaches. Companies must now notify each country’s representative within 72 hours from the time of detecting a breach with the details on which residents were impacted. Today’s processes and systems assume months to do this, not three days. Today’s best practices assume you have smart people on hand or that you can fly in to assist with the work. There is no concept of urgency built into the processes. Why? Compliance requirements prior to GDPR have no time constraint. These rules were centered on making sure processes are in place to find out what happened, and not to limit a breach. Most companies have set up their processes for audits to prove compliance with regulations. They now must change to focus on detecting breaches and limiting loss of citizen PII during such events.
CP: What do you hope partners will take away from your talk?
GS: Partners will take away a new concept of how to provide a consultative approach to using the topic of GDPR to their advantage. This includes the key (leading) questions to put in front of any customer to determine their readiness in preparing for GDPR. The session will provide them enough detail on the key aspects of GDPR that need to be dealt with and some key techniques on how. These include processes (types of value-added services) and solutions (types of products) that can be applied to solving the problem. Key to all of this will be how to educate U.S.-centric customers on what they must be aware of in order to determine if GDPR and the U.S. rules in support of it apply to them.