No need to fear the GDPR
Unless a business has been living under a rock for the past 12 months, the threat of the General Data Protection Regulation (GDPR) will not have escaped it. For those in the boardroom of companies that handle, process or monitor the data of EU citizens, it is a very real threat.
The news headlines in 2017 were filled with cybercriminals and reports of breaches, and the notion that businesses must be able to spot and report on these to the relevant authorities within 72 hours came as a shock to some. Failure to do so could see enterprises fined up to €20 million or 4% of their annual turnover.
But hasn't data always been the most precious of assets for an enterprise? Today, more than ever, businesses are propelled by a data-driven economy, so it makes sense that they should look to secure the very currency that drives them and their customers.
For many, this throws up more questions than answers and is the next in a long line of regulations to be complied with by beleaguered chief information officers, who are looking to drive return on investment (ROI), while delivering secure, joined-up IT thinking and enterprises that are equipped to cope with today's fast-moving agile economy.
Problems to overcome
Of course, another problem that these businesses face comes in the form of shadow IT and cloud sprawl. According to Gartner, 38% of technology purchases are already being managed and controlled by business leaders, while the former wrestles decisions from the IT department itself. Cloud sprawl further complicates the issue as multiple services from various providers can leave IT teams struggling to keep track of assets and technology use, which in turn leads to inefficiencies, security blind spots and systemic weaknesses.
With the advent of the GDPR, this becomes important for two reasons. Firstly, if companies do not know what they're using in terms of Windows solutions, cloud instances and who's using what, they run the risk of having an under-optimised IT estate, which means that things like the cloud could actually end up costing them more. Secondly, the inability to spot these could leave a business open to cyberattacks and unable to react to them before it is too late.
The solution to these problems is twofold: firstly, companies need specialist GDPR practitioners who can advise and assist them with every aspect on the road to compliance; secondly, they need someone who can not only help them to optimise their investments in IT, but also understand the complexities associated with cloud economics.
How the company can help
As the global leader in risk assessment and technology optimisation planning, Crayon Group launched GDPR services based on Microsoft technology in 2017, and has been assisting businesses with using these solutions as part of their strategy and approach via its new GDPR Readiness Service - a comprehensive GDPR management and risk mitigation system. In addition, Crayon has been offering clients and partners managed services, as well as training for data protection officers concerning GDPR compliance.
As the go-to expert for software asset management, the company has a unique understanding and set of skills when it comes to compliance and technology optimisation.
Furthermore, by undertaking a full risk assessment analysis with Crayon, and using the embedded data governance qualities in Microsoft solutions - such as Azure, Office 365 and SQL Server - businesses will be able to address areas of risk in their IT environment, with Crayon's specialist GDPR team providing the expertise to make these areas compliant.