GDPR | A Major Opportunity for Partners to Bridge the Gap
Organisations are scrambling to get ready for compliance with GDPR regulations coming into force May 2018. For many, concern could descend into desperation. But how can you help them – or even start a conversation? With the right approach, partners can play a vital role.
As you’ll know by now, the General Data Privacy Regulation comes into force from May 25th 2018. It impacts organisations anywhere in the world that process the personal data of individuals in the EU. Breaking the rules can mean eye-watering fines.
A year ago, I explored the initial response to the news in my blog ‘GDPR – 3 Months Down, 21 to Go’. So much has happened since then. In many cases, apathy has transformed into action as organisations attempt to create a clear roadmap. But where do you fit in?
It’s clear that GDPR introduces new challenges for your customers around data and privacy, but it also opens exciting opportunities for partners. GDPR extends beyond technology; it’s about people, processes, culture and law – and that’s where you come in. Your business knowledge and relationships, combined with our best-of-breed technologies, thought leadership and associated support, position you to bridge the GDPR gap, between where they are and where they need to be by May 2018 and beyond, for your customers. Together, this is how we can help your customers on their GDPR journey. It’s a partner-led approach; and you are front and centre.
Want to Turn Regulation into Revenue?
GDPR presents opportunities for a variety of partners from smaller ’boutique’ firms to large Global System Integrators. For GSIs, you can take existing capabilities or services and build out new offerings for customers. For example, if you’re already working with customers to drive value through digital transformation projects, then why not focus on GDPR at the same time?
For smaller partners, your GDPR offerings can be driven by your current go-to-market process and specialities. For example, if you focus on data governance, talk to your customers and other organisations about the governance-related aspects of GDPR. Or, if your business is related to Master Data Management, then focus on delivering timely, trusted, relevant master data for individuals in the EU (‘data subjects’).
That said, the common concern I hear from customers and partners relates to the legal aspects of GDPR. Understanding and translating the legal requirements into something that partners can deliver against requires legal expertise. But some partners that I work with, large or small and without the specialist legal expertise, are solving this by working with other partners that specialise in legal issues within IT.
Four Essential Questions to Ask
Many organisations are tired of hearing about the threat of fines — or from companies that claim to have ‘the solution to GDPR’. They need expert advice and practical steps they can take quickly.
GDPR is a principles-based regulation which means it can be approached from different angles. I suggest partners look for entry points into conversations with customers to explain the potential value they can offer. I’ve had numerous conversations with customers and I believe there are four pain points we can tackle. In each case, these start with questions to your customers.
Entry Point 1: Do you know what data you hold for the data subjects, who has access to it and for what purposes?
These may sound like easy questions to answer but many customers will find them difficult. Data is typically scattered across organisations. What’s more, those with diverse IT systems might have data on desktops and laptops — and in Excel, PowerPoint and Word documents. This can be a complex problem for many customers and they’re not sure how to get started. Your expertise could make all the difference, as you guide them, step by step. A good topic of conversation is how our technology, and your expertise, can help them quickly build both business and IT views of data to help answer these questions.
Entry Point 2: Do you know where all your in-scope data resides?
This is potentially another difficult question to answer. Customers need to know which data falls within the scope of GDPR. And it’s not just their customer data – it could be about employees, contractors, recruitment partners and other third parties. It’s essentially ‘people data’, which could be substantial for many organisations. But finding all this, using a common approach of doing it manually, is time consuming and risking. A good topic of conversation is how our technology, and your expertise, can help them automate the data discovery process that is both quick to implement and comprehensive.
Entry Point 3: Do you know how you will manage consents and data rights?
This is a topic that mostly concerns B2C customers, but can also apply to B2B customers. If an organisation plans to hold personal data and process it, then they may be required to ask their clients for permission. Many companies will have a subscribe/consent system in place already but it’s unlikely to be good enough for GDPR. For example, how will they capture, manage and distribute consents across channels and business units? How can they legally prove they have someone’s consent for different ways their data is being used? A good topic of conversation is to show how our technology, and your expertise, can help them rapidly construct a solution to help manage consent data and respond to data rights.
Entry Point 4: Do you know how you will protect your data and apply the appropriate controls?
With security and GDPR, most organisations think about perimeter-level security, firewalls and antivirus. But GDPR applies inside too, where the data moves around. Do organisations have the necessary control over data and do they protect it? Most businesses don’t know they need a solution in this area. A good topic of conversation is to show how our technology, and your expertise, can help them rapidly implementation data minimization and masking solutions.
The Clock is Ticking
Now’s the time for partners to seize the initiative. Organisations in the EU have a good idea of what GDPR means, they’ve already started building their compliance roadmaps – and they need you. Outside the EU, many organisations are in catch-up mode and may not realise that GDPR will affect their business, so they’ll need a little education first.
Put simply, all organisations need someone to help them conquer the complexity of GDPR – and break it down into manageable chunks.
Ready to Offer Your Solutions?
I believe a massive opportunity exists for partners to extend their market reach — if you can quickly describe the value of the solutions that solve the problems we’ve explored. Organisations will want software solutions to automate processing as much as possible, cope with data at scale and help them meet their May 2018 requirements deadline.
Think over the technology, consulting services and guidance you’ve supplied to customers already. Then bring together a repeatable solution for customers who are catching up in the final few months.
Want to know more about how our technology and solutions can help you to help your customers, on their GDPR journey? Informatica has created a series of Partner assets that help you to effectively engage with your customers around the GDPR entry points, plus the enablement tools around the technologies we offer. For more information, visit the Partner Activity and Resource Center (PARC) to see how we can help you.