Services, assessments, and workshops drive customer progress
Crayon is launching a short, online customer self-assessment that an organization can use to get a baseline profile of its position with respect to GDPR awareness and preparation. This self-assessment, which will be available on Crayon sites, should lead to a more comprehensive review (similar to the Microsoft GDPR Detailed Assessment) found here. After evaluating a customer’s current state with GDPR readiness, Crayon can make informed recommendations and propose a tailored roadmap.
Roland explains their approach, “We hold awareness workshops to start, where we invite key customers. If, based on their own admission, their maturity is relatively low, we’ll start with explaining what GDPR is all about before we even do an assessment. We’ll then explain how the actual questionnaire works so they understand what they’re going to be asked about and can line up the right people to attend.”
When it comes to the workshops, people at Crayon may hold one or many, depending on whether they can get in front of all the stakeholders at the same time, or if they need to meet with staff in different locations or even different countries. Once the workshops are complete they analyze the data. The next step is a formal write up and summary that lays out risks, potential outcomes, and findings. “The outcome of the assessment is that they walk away with an understanding of immediate changes, short-term changes, and then the long-term changes that they may need to work on,” said Roland.
The total time to run the assessment, then analyze, and deliver results can vary widely depending on the organization. Average duration is about 20 days, but can run up to four months for a particularly complex customer.
Building GDPR awareness can expand partner reach
While the general awareness of GDPR is growing, many organizations don’t realize that the new regulation will apply to them. Crayon sees a lack of understanding that the legislation could affect all corporations, regardless of size. The key for Crayon is identifying and talking with the right stakeholders. “We take GDPR up to the right level in the organization and create an awareness that data privacy has to be managed, and indeed, managed ongoing. Then, organizations realize that they can outsource it all to partners, take on certain roles and responsibilities internally, or do a combination of the two. As long as you’ve got senior management, IT, procurement, and security officers talking to each other, you’ve got a much better chance of having an aligned strategy,” explains Phil Heap, Product & Services Director, SAM.
Crayon plans to use GDPR to get access to a whole new range of decision makers, enabling them to develop a larger footprint within customer organizations. “GDPR is a compelling event that is happening, and it’s coming very, very soon. It has strong correlation with an information security management program. So, anybody that’s looking to improve IT governance can use GDPR as leverage for getting across those different pillars within organizations, and getting the attention of senior management,” said Roland.
This leads to more room for Crayon. According to Gatehouse, “There’s an enormous education opportunity that’s open to us with GDPR. It’s helping us very significantly engage with customer opportunities that we wouldn’t otherwise necessarily be able to engage with. When you start talking about the contingent liability, that would manifest on their business if they were non-compliant, you get attention from all business leaders.”