Resellers need to lawyer up for GDPR, says CAE boss
Justin Harling says channel firms need to be more careful when selling solutions ahead of GDPR's implementation
Resellers need to consult lawyers before offering General Data Protection Regulation (GDPR) advice, or risk being liable for potential breaches, according to CAE Technology managing director Justin Harling.
The channel has gone into overdrive with GDPR marketing over recent months, ahead of the implementation date on 25 May next year.
A host of resellers recently told CRN that they had grown frustrated with how vendors were pitching their products ahead of GDPR, accusing them of wrongly claiming they can provide solutions that cover customers for the whole regulation.
Harling (pictured below) told CRN that marketing of this type is "really dangerous" for the channel because it is not yet known how the clauses of GDPR will be interpreted by governing bodies. He added that anything a channel partner recommends to a customer could be defined as legal advice, which they may not be in a position to provide.
"This is legal thing," he said. "It's a legal thing with some technology - not a primarily technology thing.
"Our first look at it isn't 'where is all this extra technology we can sell?' I hate to say it, but our first conversation is 'Christ, we're going to need to talk to the lawyers to figure out what we can do, what we can't do, what advice we can give and what advice we can't give'.
"We're ending up talking to lawyers and part of that is making sure that we can cover what we need to cover. I'm not convinced that our professional indemnity insurance covers us giving legal advice around something like GDPR.
"It will allow us to give technology advice, absolutely, but if you said to a customer 'here's a solution to any of those GDPR clauses', you've said something there where a customer might have a legal issue and someone might say 'why on earth have you said that?' We're not qualified to and I don't think there are resellers, or manufacturers actually, that are able to do that."
Harling said that for this reason, he has briefed his sales and marketing team to not "in any way, shape or form" claim that the reseller can offer a solution to GDPR.
He claimed that while there will be opportunities for particular product categories - security and backup, for example - channel firms need to protect themselves against the possible repercussions instead of merely looking to sell technology.
"I think those companies that just look at it and say 'this is going to be great, it's going to be a windfall' are incredibly naïve," he said. "I think there is a real danger in that.
"We'll always go back to 1999 when the world was very naïve and from a technology perspective the industry said 'everyone is going to have to do this'.
"That has changed and the world is not naïve about technology and what it can do and what it can't do, but I think there's a lot of people in the industry who are incredibly naïve in terms of how people purchase and how smart they are. That's one of those fundamental shifts in the market."