Story image

GDPR - what MSPs need to know now

24 May 18

As the month draws to a close, businesses of all sizes across the world are readying themselves for General Data Protection Regulation (GDPR), which comes into force on May 25. While this is an EU regulation, its impact is guaranteed to be felt by any organisation conducting business with the EU.

GDPR will change how both the private and public-sector handle personal data related to an EU individual, regardless of where the information is stored. This means, that even for small businesses in Asia who may only have one EU client, they too must be compliant with the new regulation.

But what does this mean for managed service providers (MSPs) in Asia-Pacific? Put simply, as an MSP, you are positioning yourself as an IT expert, the go-to person for all things tech and data, which as of this month, should also include GDPR.

Daunting as this might seem, for many MSPs, these new data regulations have served to bring in more opportunities than headaches. Now is the time to start ensuring your customers are GDPR compliant, and in doing so, capitalise on this huge opportunity to strengthen your relationship with your clients by providing real value.

To bring these opportunities to life, we spoke to MSPs across the globe on what they are doing to make the most of GDPR.

A new consultancy

There is no better way to build trust with clients than going the extra mile to protect their business, including helping clients avoid the hefty fines associated with failing to comply with the new regulation. This is the case for UK-based MSP, Complete IT.

“For us, GDPR is about educating our clients and enabling them with the tools they need to help their clients,” says Complete IT marketing manager Jess Symondson.

“We have been working with a leading GDPR consultant to host workshops, webinars and seminars both free and paid for.”

By remaining flexible and acting quickly, Complete IT added a brand new (and very popular) business service to their MSP portfolio: GDPR consultancy. By adding this relevant service, Complete IT now have more opportunities to engage with (and cross-sell to) current clients.

“In order to help our clients through GDPR, we have put on a number of knowledge academies offering processes and internal procedures,” says Dan Sharp at UK-based Mirus.

“These academies are open to everyone, creating a great opportunity to reach our prospect base and offer the right education.”

As an MSP, you’re in a long-term relationship with your clients, not just a single hard sale. Alleviating pain points for your clients will only increase their trust and commitment to you.

Stay on the forefront of channel technology

Jim Sneddon, leading GDPR Consultant and Founder of Assuredata, reports that 75% of GDPR compliance is around training, process procedures, and policies. Sneddon recommends you start with your current client base.

First, give their IT stack a full check-up and provide custom recommendations for them around what is working and what could be better.

“Instead of going for the hard sell, we want to ensure that they have taken the time to look over their business needs with our guidance,” said Symondson.

“Mapping out a client’s business will present deeper insights into their data management, which in turn enables you to offer tailormade solutions.”

Cure All Solution: State of the Art Tech

“Begin by looking at your clients’ security and educating them on what they can do to better protect their data,” said Symondson.

“If you know they could be doing something better, tell them.”

1-Fix founder and CEO Craig Atkins says, “Offering next-generation firewalls, better options for email encryptions, and top-of-the-line business continuity and disaster recovery (BCDR) products will let clients know you are serious about helping them protect their data.

“Without communicating this to your customers, they won’t know what they need and won’t actively reach out to ask for it.”

In the age of GDPR, proactivity is key for MSPs and businesses alike.

Time to Invest

Convincing prospects and clients that technology solutions, such as business continuity and disaster recovery (BCDR) are worth the investment can be difficult. So how can you overcome these roadblocks? It’s all about how you approach the conversation.

“Take the time to explain the benefits of the technology. There’s a huge benefit when your prospects actually understand what they’re investing in,” says ThinkGard CEO Paul Franks.

“Position data security and data protection using the analogy of safety equipment when performing a dangerous activity,” says Databranch president and CEO David Prince.

“Ask, would you go skydiving without a reserve parachute?”

In the end, every business knows that becoming GDPR compliant will cost them money. The companies that realise this is a worthwhile investment will be a step ahead of their competition.

To conclude, under GDPR, every business will need to adapt to stay afloat, and as an MSP you are in the perfect position to provide the support necessary to help your clients do exactly that.

GDPR is a game changer. While it may seem to challenge your business today, building compliance will reward you and your clients with endless opportunities in the long run.

Article by Datto Asia director Nop Srinara

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.