You surely know by now that the General Data Protection Regulation (GDPR) is enforced in just over a year’s time. Companies of all sizes and industries – and countries – will have to introduce a significant tranche of new business processes, and technologies to support these processes. While there remains considerable uncertainty over the exact approach to compliance, one thing is clear: companies need a lot of help from their suppliers. That means you.
GDPR is fundamentally about risk: how to identify and size it, and how to minimise it. The core approach is information governance, knowing what personal data sits in an organisation and getting it under management. Most companies have a very loose understanding of this concept, and need assistance. Mapping out the flows of data throughout the organisation is also important, as is classifying data according to its sensitivity. There are both services and technology opportunities here.
Information governance underpins GDPR compliance, but it may not solve all the requirements. There are plenty of opportunities for niche solutions that offer support for consent management, data portability, encryption, backup and storage, and many other product types that map onto specific GDPR requirements, as well as services to help implement them.
And then there’s ‘state of the art’. GDPR mandates that companies must take into account state of the art in deciding how to implement security and the principles of data protection by design and by default. This begs the question: what is state of the art? A company is not obliged to implement state of the art, but they need to know what it is to decide whether to implement it or not, based on an assessment of the cost, risk and context pertinent to it. While it is wrong to go to market claiming that state of the art is mandated, you can help to educate the market with your view of state of the art. Companies need to have conversations with their suppliers in order to form their own view, and it’s a missed opportunity if you are unprepared for this.
There is a lot of hype and nonsense being circulated about GDPR, much of it from vendors. But that doesn’t mean the opportunity isn’t there. It is, and it’s sizeable. IDC reckons the market for GDPR-driven spend in 2019 will top $3.5bn for security and storage software alone. Building a marketing campaign around GDPR makes sense, but there are some rules to follow and pitfalls to avoid.
Stay tuned for the GDPR countdown II where Duncan explores these guidelines, to help you build an effective marketing strategy around GDPR.