The International Association of Cloud & Managed Service Providers (MSPAlliance) launched a comprehensive program for its service providers members related to the General Data Protection Regulation (GDPR). The program includes a variety of solutions many service providers will need in order to understand and demonstrate compliance with GDPR. The MSPAlliance GDPR program includes the following:
- GDPR Verify – a module attached to the MSP/Cloud Verify report which will demonstrate a provider's compliance with GDPR
- MSPAlliance Cloud & MSP Insurance – this groundbreaking insurance product for MSPs was launched in 2008
- Legal Hotline – staffed by attorneys from Scott & Scott LLP, this hotline will provide legal consultations for MSPAlliance members seeking to learn how the law effects them and seeking legal counsel regarding GDPR compliance.
"This program is the first of its kind, in that it combines insurance protection with certification and compliance reporting, as well as legal guidance," said Charles Weaver, CEO of MSPAlliance. "Because GDPR will have a significant impact on the global MSP community, every MSP needs to be aware of what this law says, especially those MSPs with customers in Europe. As the largest international organization for MSPs, MSPAlliance is once again bringing its extensive knowledge and expertise of the global MSP industry to help MSPs grapple with the complexities of GDPR."
GDPR, which went into effect May 25, 2018, is a European Commission legislative scheme designed to protect European data. The law federalizes several key elements of data protection throughout Europe, including data breach notification, the right to be forgotten, and several data security and privacy enhancements. GDPR applies to certain MSPs and cloud providers, even those operating outside the EU.
The GDPR Verify report addresses issues such as geo-location disclosure, access controls, data breach notification, as well as other elements found within GDPR.
"This regulation is much broader in scope than anything we have seen under US privacy law," said Rob Scott, the managing partner of Scott and Scott, LLP. "The law provides for both regulatory enforcement and a private right of action and shifts the burden of proving compliance to companies processing Personal Data."
"As a European MSP, the GDPR Verify program is particularly interesting for us," said Nicolas Geudens, Managing Partner Hestia Group NV. "While we are awaiting further details on the official certification scheme to be issued by the EU and/or local authorities in the coming 2 years, the GDPR Verify Program provides us with a best practice standard to measure how we stack up against GDPR obligations. We've always had privacy and security on top of our agenda, and thanks to GDPR, we are able to use it as a competitive differentiator by completing the GDPR Verify Program."