Are You Providing The Correct Level Of Security For GDPR Compliance?
Welcome to TrustArc, the latest addition to the QBS Distribution portfolio and a company that has been a leader in helping organisations with their privacy compliance solutions. Fresh from signing our recent distribution agreement, we caught up with John Speakman, EMEA Channel Director of TrustArc, to get an introduction to TrustArc and how they help partners manage privacy compliance and risk for GDPR, CCPA, and other regulations.
Tell us about TrustArc
TrustArc have been in the privacy business for over 20 years and provide privacy compliance solutions for some of the world’s biggest and most respected companies. We even have our own privacy certification called Trust-e; most people will probably recognise the logo on many websites. TrustArc basically invented the whole privacy business and around 8 years ago we built a software platform to help with our consulting services. A couple of years ago we launched this platform as a SaaS channel product and it’s now used in over 1000 companies around the globe to manage their compliance both with best practice and the relevant legislation.
Privacy is a popular issue at the moment, why is this?
In Europe the GDPR came into force in May 2018; this introduced into law strict regulation around data protection and the rights of individuals to access and control the use of their data. The GDPR identifies Personally Identifiable Information (PII) as any data that could personally identify an individual and includes names, email, address, MAC address of a device, location, biometric data and so on.
Breaches of security and loss of individuals’ data haven’t stopped though; we still see headlines from around the world about huge losses of data that should have been prevented. Another big problem right now is to do with the misuse of data. Companies have to be very careful about the kind of personal data they collect and what they do with it. There must be legitimate reasons for the collection and they must be proven in order to comply with the law.
An example of this came from Spain just this week. The Spanish Football Association, La Liga, were using an app installed on Android phones to activate the microphone during matches. They used the GPS location of the phone tied with the audio collected to see if the user was in a bar that was illegally showing the matches. This was a clear misuse of data and the Spanish Data Protection Agency fined La Liga €250,000; however, under the GDPR fines can be as much as 4% of global revenue or €20m!
Users of apps and websites are becoming more aware of how their data is used and misused; the legislation will continue to evolve, and more fines will be handed out for sure.
What’s the difference between Data Protection and Cyber Security? Are they not the same thing?
Within an organisation the responsibility to ensure good Cyber Security and Data Protection usually lies at board level with the CIO or CISO. Cyber security technology exists to protect the company network, users and servers from unwanted access, such as hackers or malware. This security also exists to prevent the loss of data from the company network; this may be intellectual property and sensitive data, but it also includes individuals’ data, and this could mean employees or customers.
The difference is that the loss of company information would be embarrassing, could be covered up and may lead to a loss of revenue, whereas loss or misuse of personal data is more serious: legally this has to be reported (often leading to reputational damage) and can lead to heavy fines.
Just as a wealth of great technology exists to ensure good network and data security, privacy technology exists to ensure that Personally Identifiable Information (PII) is being properly identified within different business processes, the impact of this is being properly assessed, the right cyber security is in place and associated 3rd parties who may handle the data are also being managed.
Is it difficult for security resellers to get into the Privacy Tech business?
The short answer is no. TrustArc have built a modular, SaaS-based Privacy Platform that addresses all the requirements for a Privacy Program. This includes consent management, data flow mapping, assessments, website monitoring, reporting and subject access requests. However, it’s not just about the software. We also have unrivalled support from privacy experts including lawyers and consultants that help build and maintain the platform. These legal and consultancy services are also available to channel partners alongside the Privacy Platform if required.
By introducing TrustArc alongside your Cyber Security offering you will be able to ensure that the program of Data Protection and Cyber Security is delivered holistically, backed up by the company with unmatched experience in the Privacy business.
We have a great channel program in place, available through QBS Distribution, with tremendous benefits for our partners including deal registration, great margins, recurring revenue, marketing support, sales leads and in-depth training.
About the Author
John Speakman is the Director of EMEA Channel Sales for TrustArc. He has worked in the technology sector for over 20 years specialising in networks and cyber security, holding positions with a range of companies from Silicon Valley start-ups to global leaders in Industrial Automation.