Security Central: A Checklist of Client Must-Dos for GDPR

  • Written by Security Joan
  • March 29, 2018
What should MSSPs be advising clients to do as the deadline to comply with GDPR looms? Here's a list of key considerations to take to customers today.

The deadline to be in compliance with the European Union’s General Data Protection Regulation (GDPR) is almost here. All companies that collect the data of EU citizens will need to be ready by May 25.

GDPR is expected to be a huge disruptor for the channel between now and 2020, according to a survey of IT resellers and MSPs commissioned recently by Agilitas. The poll found more than one in three (37 percent) respondents expect GDPR to be the most disruptive challenge over the next three years. But they also predict opportunity in the regulation, with one in three (34 percent) partners noting that they expect to see a revenue boost related to GDPR.

A PwC survey shows that nearly all (92 percent) U.S. companies consider GDPR a top data-protection priority, with more than two in three (68 percent) U.S.-based companies planning to spend between $1 million and $10 million to meet GDPR requirements.

The opportunity for MSSPs is clear: Clients have budget and need guidance with this complex regulation.

“GDPR has taken CISOs off guard,” says Gary Southwell, general manager at CSPi, a network and IT security company. “The channel has the opportunity to be a consultative partner to companies looking for help with compliance.”

Here is a list of some of the key recommendations for GDPR preparation that MSSPs should be advising clients on now. 

Map Your Data

Data mapping is the process of identifying, understanding and mapping out the data in an organization to provide a thorough overview of how it flows to, within and from a company.

“Take inventory and understand where you keep PII (personally identifiable information). We often get people who don’t know that,” says Southwell of his own work with clients. “If you don’t know where it is, at least understand applications that are storing it. Once you understand where it is, you can now figure out ways to make sure it is protected. And you can go after data if it needs to be deleted, which is necessary under the ‘right to be forgotten.’”

The process of data mapping should involve all business units in your organization, he notes. Often you will find data that reside in multiple locations.

“Map your data,” agrees Oded Moshe of SysAid, a provider of IT service management solutions. “You need to get a clear picture of what data you hold on customers and citizens, and where it is held. That’s your first step.”

Moshe, who spearheads SysAid’s GDPR implementation efforts, also warns that in mapping, there are often overlooked areas – or blind spots – that need to be considered. Examples might include pictures of customers where they are identified, and client testimonies on marketing materials. Read more about GDPR blind spots in last week’s Security Central.

Be Prepared for Faster Breach Notification

GDPR requires organizations that discover a data breach to notify authorities within 72 hours of discovery. This has a number of Southwell’s clients on edge.

Multiple studies put the average time to detect a breach at 200 days. With just 72 hours to notify once detected, this means clients need to have quick access to a lot of affected data.

“Clients need a way to speed up the process to give information on what records have been exposed,” says Southwell. “Then you know which countries to notify.”

Southwell currently advises clients on products that help expedite the gathering of data-exposure information, including those that record data moving in and out of critical resources and offer a search function to reveal which records were exposed.

Simulate Breach and Attack Scenarios

To be prepared for compliant breach notification, organizations should use breach and attack simulations to validate that the plans they have in place actually work. But compliance can be tested at times other than during an attack or after a breach is discovered. There are many aspects of the regulation that should be played out in advance.

“You need to make sure you’re prepared and should simulate various scenarios internally,” says Moshe. “You might have some EU citizens coming to you asking for you to delete their data under ‘right to be forgotten.’ You need to know how to deal with it. Simulate this with teams, and then double-check with the legal team that you’re covered. If you practice, you know what to do when it happens, and how to do it right.”

Train Everyone

This isn’t just about the security and IT team. Moshe warns that most divisions need to be trained on relevant aspects of GDPR. Human-resources personnel are one example.

“If an employee who is an EU citizen leaves a company, they are going to engage with HR. They could come to HR when leaving and say, ‘I’d like to be forgotten please.’ HR needs to be prepared to handle that request. Training and awareness around this is important.”

Identify a Data Protection Officer

Most organizations must appoint a data protection officer (DPO) within the company under the regulation, and many are handling this by appointing existing people within the company and simply expanding roles.

“Some organizations will pick the CIO or CISO,” says Southwell. “There are firms that offer it as an outsourced service, but now you’re on a riskier slope because it means allowing an external party in to have access to your data and process as this person serves as your go-between for you and the government.”

Whoever is identified as the DPO needs to work independently and without conflict to conduct privacy assessments and ensure laws and practices around data protection and compliance are up to date.

Stop Freaking Out

There is a lot of fear around GDPR, says Moshe. And many advising on GDPR preps are spreading needless worry. Ultimately, Moshe believes the regulation will be a positive step for overall privacy and data-retention practices. He thinks MSSPs should be conveying that message to clients.

“Stop scaring people about GDPR and start embracing it,” he says. “It’s good for us.”

Who is Security Joan? We’ll never tell, but all you really need to know is that she’s a huge Steely Dan fan (as if the nom de plume didn’t give it away). She’s also a veteran infosec journalist who has covered the evolution of the cybersecurity industry, its shadowy criminal underworld, and the good people trying to stop them for more than a decade. In addition to our weekly Security Central column, Security Joan helps inform the Channel Futures cybersecurity coverage with her sizable expertise. Say hi on Twitter @Security_Joan.
