GDPR Study: Are MSPs Prepared to Offer Compliance Guidance to Customers?

It won’t be long until the May 25, 2018 deadline for the EU's General Data Protection Regulation (GDPR) goes live -- sooner actually than most realize. Expect a flush of new studies taking the temperature of MSPs, channel partners, users and IT executives on how well (or not) they’re preparing for the overhaul and its affect on their businesses.

As a quick refresher course, the GDPR is the modernized process (the first in nearly 20 years) for protecting customer data, carrying a stiff penalty of four percent of global revenue for organizations that don’t comply with its rules and regulations.

Here’s the latest GDPR research: IT services platform provider SolarWinds MSP, in conjunction with Channelnomics Europe, surveyed some 250 executives at resellers, MSPs, consultancies and other channel firms in the U.K., Germany, France, the Netherlands and Italy in August 2017 to find out how they see the data privacy and security framework. In addition, the organizations backed the channel study with a complementary survey of 140 IT leaders and U.K. end users aimed at assessing GDPR compliance.

The top-level findings? There are two primary takeaways from this research: Is the GDPR a potential cash cow for the channel? Most VARs and MSPs believe the GDPR will bring them a moderate sales increase tempered by having to deal with the business and legal challenges of the impending umbrella regulations.

Only a few IT suppliers in Europe are looking toward the GDPR to provide a “huge windfall,” the study indicated, with those in France, the U.K. and the Netherlands a bit more enthusiastic than in Germany. A good number of end users are looking to the channel for GDPR guidance. Are channel partners ready?

Here are some of the study’s primary returns:

1. On compliance and readiness: To this point, only three per cent of U.K. IT leaders have completed their preparations and fully tested their compliance with GDPR. That’s basically nobody. By comparison, IT suppliers aren’t much better off. Only seven per cent in the U.K. have completed their preparations for GDPR with similar figures showing for Germany, France, Italy and the Netherlands.

Still, IT suppliers, according to the study, are planning to comply ahead of the deadline. But it’s concerning that many channel firms don’t believe themselves well equipped to provide guidance to the customers on GDPR, the study showed.

2. On a sales and security kick start from the GDPR:

In most countries, the most popular response was ‘to a limited extent’, counting 46 per cent of U.K. and German, 44 per cent of French, 45 per cent of Italian and 28 per cent of Dutch respondents. Spending increases are expected to come from cloud storage, encryption and two-factor authentication, as well as risk assessments and network audits.

3. On the GDPR’s bark and bite: There’s no consensus that organizations should fear the day-one GDPR deadline. In the U.K., only 21 per cent said EU regulators will be able to enforce the GDPR.

4. At day’s end: Partners can (and should) capitalize on the GDPR to reinforce their value to customers as trusted advisors.

FYI: In an earlier GDPR study of 1,600 organizations sponsored by network security provider WatchGuard and conducted by U.K. researcher Vanson Bourne, nearly 40 percent didn't know if they need to comply with the regulation, while 28 percent believed their outfits didn't need to comply at all. Despite knowing about GDPR for a while, only one in 10 companies said they’re 100 percent ready for it.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.