If you’re not GDPR compliant, neither are your customers
With the May 25, 2018, deadline for the General Data Protection Regulation (GDPR) approaching, now is the time to get prepared. IDC estimates this regulation represents a $3.5 billion security products and services opportunity for partners and customers working to comply with GDPR rules. A recent study shows 75 percent of US companies that consider GDPR a top priority have budgeted $1 million or more to become compliant. In Europe, according to the recent Forrester report, Assess Your Data Privacy Practices with the Forrester Privacy and GDPR Maturity Model, that figure ranges from €100,000 to a few million, depending on an organization’s current state of readiness.
As a Microsoft partner, you want to avoid fines for your business, but also help your customers stay compliant, too. Here’s how the GDPR affects your business and what you can do about it.
The six key principles driving the GDPR
The European Union’s GDPR imposes a wide range of requirements on organizations that collect or process personal data, including a requirement to comply with these six key principles:
- Be transparent, fair, and lawful in the handling of customer personal data
- Limit the processing of personal data to specified, explicit, and legitimate purposes
- Minimize the collection and storage of personal data
- Ensure the accuracy of personal data and enable it to be erased or rectified
- Limit how long personal data is stored to what the stated purpose requires
- Ensure the security, integrity, and confidentiality of personal data
What are the greatest risks you must prepare for?
According to an IAPP and TrustArc survey, the greatest GDPR compliance risks partners face are:
- Adhering to the 72-hour breach notification requirement (the clock starts when the controller becomes aware of the breach; a processor must notify the controller without undue delay)
- Understanding data collection with data inventory and mapping
- Ensuring user consent in data collection
- Meeting international data transfer requirements
What happens if you’re not compliant?
Partners that don’t meet GDPR compliance run the risk of being fined up to €20 million or 4% of annual global turnover, whichever is greater. And that’s just the beginning—you could incur legal fees and penalties on top of your fines if you’re noncompliant.
The same consequences apply to your customers. Under the GDPR a customer acting as a data controller may only use processors that provide sufficient guarantees of compliance, and a partner acting as a processor carries its own obligations directly, which means your business is on the hook for ensuring they’re compliant as well.
We’re here to help
Here at Microsoft, we’re working with global partners to address customer needs around GDPR. We have several partners today offering Microsoft-based solutions that include an overall set of controls and capabilities to meet GDPR requirements. Microsoft Partner Network can help you find an organization to help you prepare and ensure success.