Cisco has warned that many customers are concerned the tech they buy will not adhere to the General Data Protection Regulation (GDPR) coming in May.
For those who came in late, GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
It was thought that the rush to become compliant would create a bit of a bonanza for those selling security, data management and authentication tools.
Cisco has discovered that far from rushing into buying fresh technology, two thirds of those businesses quizzed were reporting sales delays because of customer data privacy concerns.
Cisco’s Privacy Maturity Benchmark Study found that some of the public sector verticals, including health and government, are suffering the longest delays because of the stricter standards they are working towards.
The Cisco study also exposed the level of losses, with what the vendor termed “privacy-immature” companies being hit the hardest.
A lot of the concerns stem from doubts that products and services purchased will have the privacy protections that are required under GDPR.
As well as delaying spending, this also reveals the levels of confusion that still exist around just what will be required to become compliant.
Research from Clearswift, which looked at the preparations for GDPR in the UK, US, Germany and Australia, found that only 21 percent of middle management felt they were ready for the compliance regulations.
The firm found a disconnect between the board and middle management, with the more senior executives more optimistic about the ability to take right-to-be-forgotten requests.
GDPR data regulations are nearly a year away from implementation and Canalys is expecting more SMEs to turn to resellers for help preparing.
Canalys said that GDPR data regulations are going to lead to revenue for the channel, particularly from the SME customer base.
Forecasts from Canalys have highlighted the security spending that is going to come across Europe as firms get themselves compliant with the data protection regulations.
The analyst house is predicting a 16 percent increase in the Western and Central Eastern European security market, reaching $11.5 billion in 2018.
Some customers are better prepared than others with the channel heartlands of the SME community needing a bit of help from resellers.
Canalys senior analyst Nushin Vaiani said large businesses are well informed on information security regulations, with resources in place to ensure compliance.
“With ransomware threats such as WannaCry causing havoc, shareholders will be more willing to accept increased data security and compliance budgets to protect their long-term investment,” Vaiani said.
“SMBs naturally have fewer resources, putting constraints on implementation. But there are potentially massive fines for non-compliance with GDPR, putting SMBs under threat of bankruptcy. Businesses must take action now to safeguard from this danger,” Vaiani added.
More than half of the companies affected by the European General Data Protection Regulation (GDPR) will not be ready by the end of 2018.
Beancounters at Gartner have added up some numbers and divided by their collective shoe size and worked out that when the GDPR goes live on 25 May 2018 more than half will be eligible for fines of up to €20m – or four percent of turnover – for non-compliance.
Gartner research director Bart Willemsen said that the GDPR will affect not only EU-based organisations, but many data controllers and processors outside the EU too.
“Threats of hefty fines, as well as the increasingly empowered position of individual data subjects tilt the business case for compliance and should cause decision makers to re-evaluate measures to safely process personal data.”
All this opens the way for the channel to step in and provide customers with the advice they so desperately need.
They need someone to tell them their role under the GDPR. Outfits need to appoint a representative to act as a contact point for the data protection authority (DPA) and data subjects.
Most will have to hire a data protection officer (DPO). This is especially important when the organisation is a public body, is processing operations needing regular and systematic monitoring, or has large-scale processing activities.
Gartner said that too few organisations have found every single process where personal data is involved. Going forward, purpose limitation, data quality and data relevance should be decided on when starting a new processing activity as this will help to keep compliance in future personal data processing activities.
Organisations must prove an accountable ground posture and transparency in all decisions regarding personal data processing activities. Outside parties must also follow relevant requirements that can affect supply, change management and procurement processes. It is important to note that accountability under the GDPR needs proper data subject consent acquisition and registration. Prechecked boxes and implied consent will be in the past. A clear and express action is needed that will require organisations to implement streamlined techniques to obtain and document consent and consent withdrawal.