EU to require organizations to appoint data protection officers

Posted by Mike Vizard on May 3, 2016 11:03:12 AM

While it may be popular to decry regulations these days, IT service providers that specialize in data protection will soon have a lot to be grateful for as governments such as the European Union move to implement much stricter privacy requirements.

As part of a wave of regulations that will go into effect in the next two years, the European Union has decreed that any organization doing business in Europe must have a designated Data Protection Officer (DPO). These DPOs are to be appointed based on “professional qualities and, in particular, expert knowledge of data protection law and practices and ability to fulfill its tasks.”

Given the number of organizations that do business in Europe, the International Association of Information Technology Asset Managers (IAITAM) says it’s only a matter of time before data protection officers become responsible for data protection outside of Europe as well. In fact, China is also working on a similar set of data privacy and protection requirements. And, once an organization appoints a DPO, it is more likely to start modernizing the data protection processes it employs.

Prioritizing data protection

Despite years of preaching about best data protection practices, most organizations still don’t regularly test whether they can recover data. In addition, the vast majority still rely on backups to archive data. DPOs are going to want to be able to demonstrate that they can recover data on demand, and they're going to be held accountable for a data protection budget. As such, it’s only a matter of time before more of them start using archiving to reduce the amount of storage space being consumed by the data protection process.


But while many organizations will soon have a DPO, that doesn't mean most of them will want to allocate internal IT resources to manage the data protection process. Many companies view data protection as a necessary evil, and it makes more financial sense for a DPO to outsource data protection to a third party that provides that capability as a managed service. After all, while data protection is critical to the sustainability of the business, in and of itself it does not generate revenue for the organization. With most organizations these days focusing on their core business, most DPOs are going to conclude that a managed service is both more reliable and more economical.

Creating opportunity for IT service providers

The best thing to come out of all these new regulations, of course, is that they force companies to pay attention to data protection. Most organizations only take a hard look at their data protection processes when something goes wrong. That doesn’t create the best climate for having a conversation about the need to modernize their data protection processes. When they lose data, all that most organizations want to focus on is getting it recovered. Once the crisis passes, other priorities usually distract them from the need for better data protection.

In contrast, a DPO is going to be more inclined to view data protection as an ongoing process rather than an occasional event. Once that level of maturity is reached, the opportunity for IT service providers to become an integral part of that process is all but assured.

Intronis blog

Photo Credit: CPOA via Used under CC 2.0 License
