GDPR data regulations are nearly a year away from implementation and Canalys is expecting more SMEs to turn to resellers for help prepare.
Canalys said that GDPR data regulations are going to lead to revenue for the channel particularly from the SME customer base.
Forecasts from Canalys have highlighted the security spending that is going to come across Europe as firms get themselves compliant with the data protection regulations.
The analyst house is predicting a 16 percent increase in the Western and Central Eastern European security market, reaching $11.5 billion in 2018.
Some customers are better prepared than others with the channel heartlands of the SME community needing a bit of help from resellers.
Canalys senior analyst Nushin Vaiani said large businesses are well informed on information security regulations, with resources in place to ensure compliance.
“With ransomware threats such as WannaCry causing havoc, shareholders will be more willing to accept increased data security and compliance budgets to protect their long-term investment,” Vaiani said.
“SMBs naturally have fewer resources, putting constraints on implementation. But there are potentially massive fines for non-compliance with GDPR, putting SMBs under threat of bankruptcy. Businesses must take action now to safeguard from this danger,” Vaiani added.
More than half of the companies affected by the European General Data Protection Regulation (GDPR) will not be ready by the end of 2018.
Beancounters at Gartner have added up some numbers and divided by their collective shoe size and worked out that when the GDPR goes live on 25 May 2018 more than half will eligible for fines of up to €20m – or four percent of turnover – for non-compliance.
Gartner research director Bart Willemsen said that the GDPR will affect not only EU-based organisations, but many data controllers and processors outside the EU too.
“Threats of hefty fines, as well as the increasingly empowered position of individual data subjects tilt the business case for compliance and should cause decision makers to re-evaluate measures to safely process personal data.”
All this opens the way for the channel to step in and provide customers with the advice they so desperately need.
They need someone to tell them their role under the GDPR. Outfits need to appoint a representative to act as a contact point for the data protection authority (DPA) and data subjects.
Most will have to hire a data protection officer (DPO). This is especially important when the organisation is a public body, is processing operations needing regular and systematic monitoring, or has large-scale processing activities.
Gartner said that too few organisations have found every single process where personal data is involved. Going forward, purpose limitation, data quality and data relevance should be decided on when starting a new processing activity as this will help to keep compliance in future personal data processing activities.
Organisations must prove an accountable ground posture and transparency in all decisions regarding personal data processing activities. Outside parties must also follow relevant requirements that can affect supply, change management and procurement processes. It is important to note that accountability under the GDPR needs proper data subject consent acquisition and registration. Prechecked boxes and implied consent will be in the past. A clear and express action is needed that will require organisations to implement streamlined techniques to obtain and document consent and consent withdrawal.