Digital Transformation In The Face Of GDPR

Digital transformation is going nowhere, as the concept becomes more relevant to businesses struggling to adapt to the digital-first world. There’s a misconception that digital transformation is about splashing the cash on technology that has a lot of bells and whistles, or that it’s only for large enterprises. This couldn’t be further from the truth.

Many small business leaders also believe that transformation isn’t possible without a large in-house IT team. Whilst it’s imperative to have IT representatives at the highest level in your business in order to drive true digital transformation, reducing the burden of an in-house IT team could actually allow your business to focus on innovation and growth.

It’s positive, then, that businesses are outsourcing more IT services than ever and increasing the budget spent on outsourcing (Computer Economics). Unsurprisingly, the fastest-growing area for outsourcing is IT security; 47% of respondents plan to spend more on outsourced IT security services.

It’s sensible to outsource IT security in the face of ever-increasing cyber-attacks that are getting more sophisticated by the day. Highly-skilled cybersecurity experts are hard to come by – a record 51% of organisations say they’re experiencing a “problematic shortage” of cybersecurity specialists (ESG). However, managed IT service providers are guaranteed to hire more of these specialists. Instead of struggling to hire an in-house cybersecurity whizz, particularly if you’re a small-to-medium-sized business, why not tap into the resources of your IT support provider?It’ll undoubtedly have a wide skillset simply because it’s their job to have one in order to serve its customers.

Interestingly, more businesses are now choosing to outsource their efforts in becoming GDPR-compliant. It makes sense, as the two go hand-in-hand; cybersecurity is critical to ensuring compliance with the General Data Protection Regulation, with fines expected to be dished out for a lack of security implementation in the event of a data breach.

As a data controller, you’ll still have responsibilities under GDPR; that’s inescapable. You’ll most importantly have to review your policies and procedures in light of GDPR, with data protection policies at the top of your list. But your managed IT services provider can help you understand the best security measures not only for your data, but to protect your business against all kinds of malware and hacker activity.

In terms of the mandated role of the Data Protection Officer, you can actually outsource this – which is great news for smaller businesses. For a long time, there was confusion around whether small businesses – defined as those with fewer than 250 employees or 5000 records – required a DPO, but the Information Commissioners’ Office (ICO) cleared this up by stating there was no exemption for SMEs. However, rather than requiring an increase in headcount, small businesses could appoint the DPO responsibilities to an existing employee or, more realistically, outsource the role of DPO and even ‘share’ a DPO with other small organisations.

This is one element of the GDPR that is especially helpful to small businesses. Another benefit of outsourcing the DPO role is that, like outsourcing IT support generally, saves a lot of budget. You shouldn’t, of course, outsource your IT support services solely for cost-saving purposes, but if done correctly, outsourcing can allow your business to grow through freeing up resource to focus on transformation. M&S has recently outsourced a large portion of its IT support as part of its 5-year Technology Transformation Programme; however, the business retained a smaller in-house team, demonstrating that outsourcing doesn’t mean getting rid of your entire IT department.

As with every major business decision, you need to consider the risks. Outsourcing certain IT projects – for example, the implementation and support of your CRM solution –means there’s an additional party with access to sensitive data, which could potentially increase your business’ attack surface. To mitigate this, it’s important to choose an IT services provider that is fully committed not only to its own GDPR compliance, but to the compliance of its customers too. A high-quality IT support company will have in place the most sophisticated technologies to protect its data and yours – technologies that you could take advantage of as a customer.

Another concern businesses have are increased response times to critical IT support tickets. It’s understandable, as depending on the level of staff you retain, your IT helpdesk could very well be situated in an office hundreds of miles away. However, IT support services are ever-evolving, with many businesses offering remote services with unlimited telephone support. Some are so sophisticated that they’ll designate a support agent to be on-site with you every day. This again depends on the business that you’re dealing with; if they’re hard to reach, you might not want to entrust them with your business-critical systems that need immediate attention.

IT support is still considered a cross to bear for many organisations, despite the shift in IT from break-fix to true innovation. But for many it’s expensive, time-consuming and only exists out of necessity rather than innovation. Outsourcing IT services, and in particular IT support and IT security can take this off your business’ plate and allow you to focus on the ambitious transformational targets that will set your business apart from the competition.

If you’re finding GDPR compliance and in-house IT support burdensome, it’s well worth considering outsourcing these services. There are some careful considerations to make, however; your decision to outsource some or all of your IT shouldn’t be based on saving money alone. You need to ensure you choose a robust and established IT support provider that follows best practice rules. The benefits, such as cost-savings and a wider talent pool should be weighed against the potential downfalls, like an additional third-party business accessing your data or unworkable response times. With more businesses than ever outsourcing IT support, it’s time this became a real consideration.