Cybercriminal: “Your money or your customer’s network.”
Cybercriminal: “Look bud. I said, your money or your customer’s network.”
Jack: “I'm thinking it over!”
—Hypothetical Jack Benny Radio Program, 28 March, 1948
In the scenario above, Jack faces a question that many MSPs are currently trying to figure out—how can an MSP balance the costs of delivering Security as a Service (Sec SaaS) and/or Compliance as a Service (CaaS) while meeting the enhanced personal data protections provided by the General Data Protection Regulation (GDPR)?
Ultimately, GDPR represents an excellent service opportunity for MSPs. Most customers will be more than happy to place GDPR readiness and security on the shoulders of their MSP, so they can focus on their commercial prosperity.
MSPs cannot be a big, red “make GDPR readiness go away” button for customers. Yet, MSPs can help establish some of the foundational layers for GDPR readiness, maintain the GDPR readiness posture, respond to security incidents and—most importantly—regularly report on GDPR-readiness-related activities.
But helping clients work toward GDPR readiness could require a slight reset. In a very real sense, MSPs must onboard clients again to help ensure the prescribed Sec SaaS or CaaS offering will meet GDPR recommendations. This onboarding constitutes an important security deliverable as part of the process. It’s also an important starting point for moving the customer closer to becoming GDPR-ready.
In general, an MSP’s customers fall into two buckets:
If they fall into bucket two, you may want to either double the price of services or drop them altogether. A customer that doesn’t emphasize GDPR readiness is a ticking time bomb for an MSP. So, let’s focus on customers in bucket number one.
Some of these onboarding services can help MSPs address key GDPR requirements and allow them to customize their service offerings to meet unique customer challenges. The MSP needs to ensure that personal data protections are appropriate, robust, and effective for their customers. It’s true these onboarding services are not as exciting as removing old gear and putting in new tech, but an MSP focused on onboarding for GDPR readiness can help ensure a strong partnership with that customer moving forward.
This document is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR may apply to you and your organization. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organization, and how best to ensure compliance. SolarWinds MSP makes no warranty, express or implied, or assumes any legal liability or responsibility for the information contained herein, including the accuracy, completeness, or usefulness of any information.
© 2017 SolarWinds MSP UK Ltd. All Rights Reserved.