This Thanksgiving, many U.S. companies likely are thankful that the deadline for compliance with the EU’s General Data Protection Regulation (GDPR) still is several months away, because they’re nowhere near ready.
Aimed at improving personal data protection and increasing accountability for data breaches, GDPR presents a significant challenge for organizations that process the personal data of EU citizens, regardless of where the organization is headquartered. This means that any U.S. organization that handles data belonging to EU citizens will be required to be compliant when the regulation comes into force in May 2018.
Executives with Thales eSecurity, Interxion, Trend Micro and Impartner spoke with Channel Partners about the challenges ahead for companies and how the channel can help them along this difficult journey.
According to research by Thales, about 35 percent of U.S. organizations already don’t believe they will be fully prepared for GDPR in time for the deadline. In addition, they are apprehensive about its impact on their business.
“(GDPR) goes into effect on May 25, 2018, and brings with it the potential for crippling fines of up to 4 percent of annual turnover or 20 million euros (whichever is greater),” said Michael Rothschild, Thales’ director of global marketing. “This crucial date requires any organization, regardless of location, to make their EU-based customers’ data secure. There seems to be a lot of confusion as to how businesses will be impacted. The channel can occupy the coveted seat of trusted adviser and work with organizations that are behind on addressing these looming requirements to successfully interpret the rules and implement what is necessary ahead of the … deadline.”
Kory Willis, Impartner’s director of IT, said companies can’t just “go online and Google some software product to make you GDPR compliant.”
“It’s kind of scaring people because when you need an email solution or accounting software, you Google that and you’ve got 20 different options, and just pick something and run with it,” he said. “With this, it’s entirely different; it’s a different monster and the deadline is coming down. We have 184 days until it comes into effect and consequences are pretty dire. They designed this to put companies out of business that are not compliant.”
Patrick Lastennet, Interxion’s director of marketing and business development, said the channel can raise awareness that this is an issue to be addressed at the board level for enterprises and service providers considering doing business in Europe. Break down the value/supply chain attached to IT solutions, and highlight the key standards and processes that each component needs to meet both from the security and privacy perspectives, he said.
“By demonstrating that you have a solid program in place to fulfill privacy by design as prescribed by GDPR, you will win more business in Europe (either as an enterprise or service provider),” he said. “This is not just about dealing with liability in case of noncompliance, it is about demonstrating to the end user that a service is fit/safe to use from a privacy standpoint. With an increased emphasis on portability of data from one service to the other — it becomes even more important to …