The first anniversary of a move by the European Union to impose a General Data Protection Rule (GDPR) arrives at the end of this week. GDPR was enacted to protect the digital rights of anyone doing business with a company within the 28 countries that make up the EU. While GDPR remains controversial in some quarters, it appears that the experience of the EU is serving as an example for how similar sets of rules will slowly but surely be implemented around the world.
A global survey of over 3,000 workers conducted by Snow Software, a provider of tools for tracking software assets, finds that 74 percent of respondents said there is a need for even more regulation. In fact, only 39 percent said they feel their personal data is better protected in the wake of GDPR being implemented.
Not only will the EU continue to expand upon GDPR, even in countries such as the United States where there is a lot focus on deregulation, there seems to be a bi-partisan consensus building towards more regulation. A big driver to craft new rules is the increased appreciation for just how much Web-scale companies can now infer about an individual just by applying artificial intelligence (AI) in the form of machine and deep learning algorithms.
MSPs can help fill the GDPR gap
Most organizations are going to struggle meeting such mandates. A recent survey of 267 cybersecurity professionals, conducted by Enterprise Strategy Group (ESG) on behalf of the non-profit Information Systems Security Association (ISSA), reveals that 84 percent of ISSA members claim that the cybersecurity team at their organization has been tasked with taking on a more active role with data privacy over the past 12 months.
However, only 21 percent of those respondents said they believe the cybersecurity team has been given clear directions for its data privacy responsibilities. Furthermore, 23 percent said they don’t believe the cybersecurity team has been given the right level of training for its data privacy responsibilities.
Managed service providers (MSPs) have an opportunity to plug that gap. Most organizations are still trying to modernize their backup and recovery processes in the age of the cloud, while many fewer are able to permanently delete every instance of personally identifiable information (PII), that may be hiding in any number of applications, on demand.
Most internal IT teams are all too familiar with the scope of the challenge. As executive boards decide to make digital privacy a priority, most of the members don’t truly appreciate what’s really required to achieve those goals.
Savvy internal IT teams immediately ask for additional help in the form of external expertise. Internal IT teams that try to address the challenge on their own will eventually run afoul of boards that will grow increasingly exasperated as more fines are levied.
They say it’s truly an ill wind that doesn’t blow some good. In the case of MSPs, that ill wind blowing regulatory things their way started with a proverbial butterfly flapping its wings near the EU headquarters in Brussels.
Photo: Nico El Nino / Shutterstock