Technology Reseller - v22

37 COMPLIANCE technolog y Divya Gupta Tony Pepper Michael Mittel has old applications, whether the NHS, government, banking or insurance.” Channel opportunity Clearly, this is a big opportunity for the channel, not least because Droplet Computing is 100% channel-focused. “We may have a conversation with a customer direct,” said von Oven, “but fulfilment is always through the channel.” One partner Droplet Computing has been working with for two years is XMA, which is using the technology to help its customers overcome interoperability challenges whilst migrating to Windows 10. “One of the biggest challenges in end user computing today is how to move old XP and Windows 7 applications to Windows 10 if those applications don’t run on the operating system. We can get such projects moving for traditional resellers but also for partners like Amazon. They are pushing Amazon Workspaces quite heavily, but the operating systems in those environments are, guess what, shiny new ones. We have spoken to customers who say ‘I would love to go to a rent-a-desktop model and pay $30, $50, $100 or whatever. However, I can’t take my applications’. And, at the end of the day, that is what users need. Partners see that,” he said. Von Oven adds that as the only technology that enables organisations to deliver legacy applications without any re-writes, unpackaged and unchanged, online or offline, Droplet Computing is providing resellers with an additional revenue stream, good margins on licensing and services revenue and the opportunity to get in on something new. “Our biggest competition is probably people doing nothing,” he said. “We are not looking to replace any VDI solution – it’s a very good solution. In fact we work with it; I can very happily deliver my container in a virtualised Windows 10 desktop delivering an older app that wouldn’t natively run on the operating system. But, for partners, ours is an easier sell and it’s a guaranteed outcome because of the way our container works. I could happily go to a customer or partner meeting and have an app in the container before the end of the meeting – as long as they have the install media, which is usually the challenge.” The decision of the ICO to issue notices of ‘intent to fine’ to British Airways and Marriott International is a much needed reality check for organisations that may have been lulled into a false sense of security by minimal GDPR enforcement activity since the regulations came into force on May 25 2018. Here, legal and technology experts reflect on what this development means for business company and you don’t have the money to go through an expensive appeal process like BA is doing, a fine may literally shut you down. Tony Pepper, CEO, Egress : It’s really interesting that the ICO issued a second intention to fine under GDPR just one day after the BA news broke. By barely drawing breath between the two announcements targeting two household names, they have achieved maximum impact in showing the potential of their extended powers under GDPR. The scale of both fines can leave no doubt in anyone’s mind that we are now operating under very different standards than when the Data Protection Act was enforced. Divya Gupta, Partner, Dorsey & Whitney : The huge fines facing Marriott for a GDPR breach are a signal to other companies that the regulatory bodies are strictly enforcing the law to protect consumer personal data from loss, damage or theft. When entrusted with personal data, it’s a company’s job diligently to look after it, and for many years businesses have gotten away with not doing so. With further fines like this on the horizon, companies doing business in the EU should look to their American operations too. Several states are imposing privacy laws in the United States – California leading the pack with the California Consumer Privacy Act – and this means possible future penalties for non- compliance now. Thirty million Europeans were impacted in the Marriott breach; if just 10% of that number were California residents, Marriott would be looking at $300,000,000 in domestic statutory penalties as a minimum for failure to enact reasonable security practices and procedures. The lesson here: this GDPR penalty is a paltry sum compared to what is looming. Jon Baines, Data Protection Advisor, Mischon de Reya : News that the ICO is intending to fine BA £183m and Marriott International £99m is remarkable for a number of reasons. Firstly, and crucially, these are merely ‘notices of intent’ – recent figures obtained by this Firm under the Freedom of Information Act indicate that nearly one in three ICO notices of intent ultimately either get cancelled or result in a lower final penalty. Secondly, the legality and fairness of ICO’s investigative procedure has come under serious – and extraordinary – challenge in the recent case involving Facebook, in which the latter is alleging bias, pre-determination and procedural irregularity. It is quite possible that similar arguments will be aired in any challenge to the notices of intent. Thirdly, the notices of intent were announced initially not by the ICO but by the recipients, under their market notification obligations. To this extent, ICO’s hand has been forced; it will definitely be hoping it has got its factual and legal analyses right, because the challenges coming its way are likely to be robust and costly. Fourthly, these sums are huge, market- influencing ones. Up until now, people were certainly concerned about GDPR, but this news makes it very clear that fines arising from alleged non-compliance have become a major corporate risk factor. No one should over-react to this news. But everyone should pay very close attention to developments. Michael Mittel, CEO, Rapidfire Tools : This is just like HIPAA in the USA, where it took several years, but eventually fines did become a regular occurrence. In the US, half of organisations with HIPAA violations end up closing down and the same will happen with GDPR. If you aren’t a big Not so fine