Get your own house in order: Like the cobbler’s children, MSPs may have been so focused on helping customers that they didn’t finish their own tasks. Sales and marketing is one privacy area that will affect almost every company, so most likely you have already updated your privacy statement and audited your database to remove any contacts that have not explicitly opted in. Going forward, make sure to add easily visible opt-in links to marketing and advertising activities, including your corporate website, campaign landing pages and other online assets. Distribute your GDPR-compliant privacy statement to current and potential clients, and use it as an opening to discuss their own compliance activities.

Explore new products and services for a new reality: Convincing customers to fund privacy projects has always been a daunting task. The good news is that the vast majority of those affected by GDPR think that they can quantify the business value of security and use data protection to attract and retain new business. This changes the conversation from a security and IT expense to one about creating competitive advantage. Some leading opportunities include data migration caused by regulatory changes, the need for faster breach response and reporting, and addressing the widespread fear of reporting breaches.

Help with migrating data to new locations: Nearly half of all organizations plan to migrate their data-storage locations as a result of GDPR and other political changes, and their choice is most influenced by the host country’s data-protection laws, says the McAfee Beyond GDPR research report. At the same time, less than half of those we surveyed are confident that they always know the geographic location of their data storage. Automated discovery and classification of private data is the first step toward resolving this problem. You can’t know where something is if you don’t know what it is. With broad and continuous data classification, network and endpoint data-loss prevention tools help organizations know where their private data is, where it’s going and who is using it.

Convince companies to move faster: One of the most time-specific parts of GDPR is the requirement to communicate info about data breaches to the regulator within 72 hours. It currently takes the average organization 11 days to report a breach, according to our GDPR research. Behavioral analytics and active response tools help control movement and reduce the time it takes to spot inappropriate use, helping companies reduce the number of incidents and identify those that happen earlier. In addition, breaches of high-risk data must be communicated to each affected individual. Encryption of data at rest and in transit is an effective tool to reduce these notifications and the resulting hard and soft costs to the organization. While breaches of encrypted data still need to be reported to the regulator, if the customer encrypts sensitive data to make it “unintelligible to any person who is not authorized to access it,” they are not required to undertake individual notifications, per Article 34.

Address the high fear of reporting: Privacy violations have a significant impact on an organization’s reputation. So much so that, to avoid the stigma associated with reporting a breach, nearly half of those surveyed would rather accept a fine than make their violations public. Starting now, the potential for stiff fines under GDPR should help change this attitude, but barring a truly dramatic action by the EU, partners might need to encourage a cultural shift within many companies. One opportunity here is to help customers with their security awareness and training activities. There are many aspects to this, including executive governance, continuous compliance monitoring, secure coding and configuration practices, and contract language with partners and service providers. If the customer already has a collaborative security and privacy culture, then auditing and enhancing security postures, developing scenario playbooks and exercising the crisis response team are valuable opportunities for an external, trusted partner to participate.