Making Sense and Dollars of the CCPA and GDPR

If you’re a solution provider, system integrator, reseller, MSP, xSP, et cetera, you already bear great responsibility for helping your customers comply with data protection and security mandates. In fact, you are probably their trusted go-to advisor.

Unless your head has been in the sand for the last year, you’re already aware of the GDPR and how it impacts your clients.

The new kid on the block is the California Consumer Privacy Act (CCPA), and it shares some similarities, notably the requirement to protect personally identifiable information.

While CCPA only applies to large companies or those that earn significant income from selling personal information, you’d be wise to understand how to support and serve the growing calls for data privacy – and how to make the most of it for your business.

Critical to these and other regulations are:

  • Knowing what data is covered
  • Knowing where that data is stored
  • Knowing how to protect it (and earn revenue doing it)
Know what data is covered

Generally the first is simple: Personally Identifiable Information (PII) includes anything that can, well, identify a person.

This includes name, email address, SSN, perhaps an IP address, perhaps even a profile photo. Other industry-focused regulations cover specific data such as health records or financial accounts.

Know where data is stored

Knowing where your clients’ data is physically located is much trickier.

Ensure your data protection offerings enable you to search an archive to find PII, track where it’s stored, and set specific compliance and security levels based on location, if need be.

A searchable archive also allows you to comply with “right to be forgotten” rules and destroy PII when the individual requests it. Of course any good data protection product should give control over admin and user permissions.

Know how to protect data

Data protection is a key offering among service providers – and for good reason. But with GDPR and CCPA, companies are under increased scrutiny and penalties for data privacy and protection.

You already know how to secure your customers’ data, but even in a simple data loss scenario, backups are likely to fail or result in some data loss. Be sure your backup and data protection solutions provide instant restart, encryption, ransomware scanning, and offsite or cloud storage options to make sure your customers’ data is safe.

Know how to make the most of it

What if you could protect it and create sustainable revenue streams? No single product can address all possible data protection and compliance requirements, but any new regulatory policy is an opportunity to offer your clients a new solution.

For example, offer new subscription-based services for managing PII either as part of a comprehensive data protection plan or a standalone service. Offer a benefit to existing customers who need to upgrade their data protection environment, so they don’t need you to rescue them later.

Look at your customer niche, ask them some intelligent questions, and find out what matters to them – and create some special offerings just for them. They need your expert help, and you need their recurring business – there is no better way to accomplish both than with data protection/recovery platforms.