GDPR: It's a Great Topic for Channels to Become an Expert On | ARIA

Written by ARIA Cybersecurity Solutions | Oct 2, 2017 2:44:14 PM

Austin is a fun place to visit, in part because there is so much going on. While that’s not necessarily news to people who already know Austin, it was even more interesting this week due to the Channel Partners Evolution conference, especially to channel professionals who like to hear a good story.

I was in attendance, and I got the chance to share a tale that is astonishing because it has been heard by very few people, even though it will soon impact so many. No, it wasn’t predicting the next hurricane. It was nothing that dire, but for our industry – those selling cyber-security solutions – it was about something strange, and not yet truly believed by most in our industry.

What could it be? In this case, it’s the fact that the EU’s General Data Protection Requirements (GDPR) law is coming, and it will likely impact all of us in the U.S. in some capacity. My Channel Partners tale was how to turn a law crafted by some seriously irritated European lawmakers into a gold mine for the cyber security channel.

A closer look at GDPR

Before we dive into it, let’s cover a few points:

First, GDPR is that law you’ve probably heard about. GDPR is an EU law that gives you just three days to come clean that your organization has been breached and tell any/all EU countries that you have lost or exposed certain parts of their citizens’ data.

Failure to comply has significant consequences. If you have a presence in the EU or in the UK, it could be a fine of 20M Euros or 4% of your total revenue (whichever is greater) for each breach.

Even if you don’t have a presence in the EU, you aren’t safe. Why? Because U.S. laws and directives negotiated with the EU allow those countries’ lawyers to draft class-action lawsuits to come after you. Think you’re immune? Consider the recent Equifax breach, and the months it took them to detect the problem. If Equifax had EU citizen data, it would be a major violation.

Spin a challenge into a GDPR compliance solution

My tale was not just about GDPR and its implications. It was actually about you, the channel partners who are supposed to be your customers’ advocates and advisors.

Think of it this way: Your customers’ problems are your opportunities, and this is your chance to provide real value with consultative selling. So, you should ask, “How do I turn this into something that benefits my company?”

Here are our recommendations:

  • First, make your customers aware that you know they have this problem.
  • Demonstrate that you have competence about it and can help educate them about the issues.
  • Show them that you have solutions with specific details and examples.
  • Highlight the fact that the GDPR compliance solutions are not budget breakers and can be adopted and deployed well before the May 25th enactment date – so all will be right and well.

The best GDPR approach

“Wait,” you say, “I don’t know much about this topic. What solutions am I supposed to tell them about that can do all this?”

Well, since you asked… My story described how to leverage existing security solutions that you may already sell. What’s more, you can combine them with a set of techniques that can detect the breaches automatically and create detailed evidence as to exactly what records were exposed – and do it all within hours of the breach.

If your customer follows your recommendation, they will be fully compliant and not face any repercussions from GDPR or other U.S. state laws that also have fines. (Yes, 48 states also have laws with similar notification requirements – many with stiff fines for non-compliance.)

You might be thinking, “But I thought I heard EU friends say that they were taking a wait-and-see approach on this law. Surely the EU will back down and ‘slow roll’ the enforcement of a law with such drastic impact.” (I heard this a few times.)

My response, especially to U.S. businesses, is: EU lawmakers are putting their citizens first on this one, and are looking to make examples out of someone or some company. To quote the latest update from the EC (European Commission) that oversees such law enforcement: “We are not going to back down.”

In many ways, going after U.S.-based firms would be easier, and they would represent more palatable targets than EU firms that violate the law first. This won’t offend any voting constituents, and putting it to U.S. companies who don’t take losing their citizens’ data seriously is doing the work these “men of the people” were put in office to do.

What’s also shocking is that the discussion this week from other attendees in Austin (especially those “in the know”) is that other countries like Poland and Russia have much more drastic laws. So if you do business in these countries, be very careful and see our web content below.

Bottom line: If you want to hear how to make money and solve your customers’ security and GDPR compliance challenges, please click the learn more button below.