Compliance as a Service for MSPs – TubbTalk #56

In this week’s interview I’m speaking with a good friend, and CEO of Keepabl, Robert Baugh. Keepabl is anaward winning service solution that solves GDPR headaches for organisations. For MSPs, it really helps them to accelerate their revenue and reduce data risk.

An Interview with Robert Baugh

Robert was previously General Counsel and Director of VC backed growth SaaS companies, when he decided he wanted to start an MSP in compliance. We met when he was scouting Totally MSP and other events to see what launching an MSP involved, what the state of the market was and what issue MSPs were facing. After completing an Engineering Economics and Management Masters degree and then cross qualifying as a lawyer, he naturally gravitated towards technology law. This lead to joining a start-up called LoopUp, before being head hunted to another company. In his roles, Robert recruited MSP providers to help out with the aspects of technology that they needed done quickly. And he wanted to run one. 

There is this great article about your start-up superpower. And Robert felt that that was missing in the industry. He wasn’t feeling any real synergy or electricity with MSPs. It wasn’t until an event in 2017, when everyone was talking about GDPR. All the MSPs customers were asking them about GDPR. They knew the processes, the data and the security. But they were scared of it. There were SaaS providers out there, but they were just too complicated, they were created for specialists. Robert knew he could create something that turned the complex into the simple. Not because MSPs couldn’t understand the complex. But because they already had so much on their plate. That is the superpower of Keepabl. At that is the point Robert switched from wanting to be an MSP, to a vendor for MSPs.

What is Keepabl?

So, what is Keepabl and what does it do?

Robert explains, that the ‘why’ of Keepabl is to joyfully use technology to solve people’s problems and make them feel happier. That’s what’s at the core of Keepabl. Their aim is to build out the salesforce.com or compliance effectively.

Full disclosure I’m an advisor to Keepabl and the reason is that it’s a beautiful product. It’s sophisticated and simple to use and those are words I never thought I’d say in relation to GDPR. But it is, and it absolutely fill the need that MSPs have with GDPR. And I can see so much opportunity going forward. The dislike that people feel towards GDPR, is the exact opportunity that makes Keepabl great. It makes people excited about GDPR.

Keepabl & GDPR Compliance

So, let’s look at those two things in tandem. We started by understanding that GDPR was a complex issue, something that scared most MSPs. Robert put a global company, LoopUp, though ISO 2710, and had felt like he was banging his head against a wall. But once it was done, it all clicked into place. The problem with compliance was that there is so much to understand and people just don’t have the time to take it on and learn it. They need someone else to take care of it for them. 

Keepabl joins these two things. It joyfully uses tech to help solve the complexity of GDPR. MSPs know they need to deal with it, they know they’re going to be asked about it. They know they have warranties within their current contracts surrounding compliance. And they knew their customers were going to want help with it to. But it’s such a big and ambiguous topic. And this is where Keepabl comes in. The Keepabl system is incredibly comprehensive, and yet really, really simple. It does a lot of the heavy lifting in the background without you having to do any of the work. You just need to fill in a few things and it creates all of your reports. One of the great Keepabl features is the is the breach model. If you have a breach, you can enter them into Keepabl to keep a record, which is then sent to the MSP so that they can rapidly contain it. 

What is GDPR?

Let’s rewind a little. We’ve mentioned GDPR quite a lot. And it’s been a few years now since GDPR has become a buzzword. And most people will have heard of it. But what is GDPR in layman’s terms? 

GDPR is the ‘General Data Protection Regulation’ from the EU. It’s general as it applies to every single business, no matter what you do and no matter what you are doing with personal data. It’s not like, for example, HIPPA, which only applies to health information. 

The data protection is not technical in the way that MSPs are used for making sure there is no leakage of data on email or, encryption and security, although this security is fundamental. But, the data protection is with regard to protecting the rights of individuals and their personal data. It’s the general law for everybody, covering everybody, whenever you’re touching personal data about people, using any information that could identify that person. And it’s directly applicable law in every single member state of the EU. 

GDPR has overhauled the data protection laws which have been in place for over 20 years, and it put the individual and their rights front and centre. They have rights to access and erase their data. And the ‘right to be forgotten’ by any company that holds their data.

The fines that go along with GDPR have the potential to be huge. And so regulating the data and ensuring the risks are mitigated are highly important.  

Even though it applies to all EU member states, it has already been decided that if (when) the UK leaves the EU we will still maintain the GDPR law. It will just change from an EU to a UK law. This means that in future, there will potentially be the need to comply with two lasts (the UK and EU) if you need to transfer data from the EU to the UK or vice versa in your MSP.

Requirements for GDPR in MSPs

MSPs need information security policies. And they need data protection policies. GDPR is a live thing for MSPs. Particularly if they deal with regulated industries such as health or finance sector. But it works both ways. Not only do they need to have both good GDPR practices themselves, but they also need to be able to provide the same thing to their customers. 

Cisco did a study in Jan 2018 and February 2019. Both figures showed that 87% of businesses have a sales delay due to privacy concerns. That delay can be reduced by up to 40% if the MSP is GDPR compliant. On average, the sales delay is 5 and a half weeks. So if you can reduce a five and a half week sales delay by 40% just by easily showing compliance, what kind of impact would that have on your business? Being compliant, and being able to prove it, also reduces your risk of data breach and the same Cisco study showed that there is a 42% reduction in the chance of you having a data breach that costs you over half a million dollars in 12 months if you are GDPR compliant. Not only is the risk of breach reduced, but because you’ve complied with GDPR and reviewed your data practices the cost of the number of data records breached are reduced, the downtime is significantly reduced and therefore the cost is reduced. So GDPR is very much about managing that risk, ensuring business continuity and managing not just the financial part, but the PR aspects and the contractual impacts on customer wins. 

There is a crossover here between GDPR compliance in general and cyber security. Although they are not the same thing. They go hand in hand. So for MSPs, when trying to describe to them their requirements with GDPR and what their customers are going to expect of them, data security, cyber security and the wider information security arena is often mentioned. Their clients are going to turn to them for advice on all of this. This is where Keepabl comes in. 

How Does Keepabl Help MSPs to Keep Their Clients Safe?

GDPR is not a technology law. It’s a data protection law. Security is fundamental to GDPR. But it’s about 15% of GDPR.

There is a whole load of other stuff about GDPR that need to be there apart from security. They are like siblings, they go very well together. Two thirds of breaches reported to the UK ICO are not about security. It’s more about cultural stuff such as disclosure of data, and people sending the wrong email. Not about failure of technology. 

So security itself is not purely a technology job. It’s a consulting job and MSPs are starting to offer more and more. There is a responsibility to advise your customer to implement and to understand that security is fundamental to everything. And it’s the same with data protection. By providing both security by design and privacy by design MSPs can look after customers more holistically, build on the trusted advisor relationship and not only get more of the customers purse, but also by offering this, they are securing the customers relationship.

What is Privacy as a Service?

Robert coined (or at least popularised)  the term ‘compliance as a service’. The most progressive MSPs jump upon compliance or privacy as a service for all the reasons that you’ve mentioned. And whether or not MSPs clients ask for this, they are going to need it. So many MSPs are offering higher revenue based packages to look after compliance for them. We are seeing MSPs that are using Keepabl going down that route, they are offering the essential compliance services as well as lowering the overall cost of support. 

How Can Keepabl Help an MSP Do This? 

Keepabl is the app that they’ve been looking for to simplify GDPR. Not only does it allow them to take control of their own GDPR, but it also helps them manage relationships with customers. They can offer training, and policy packs, plus procedures and templates. The software can be used as a service that give you real visualisation and gamification of your KPIs, shows you where you are, where your gaps are and when we get you to 100% you can use it to show people that, but more importantly we can use it to drive ongoing compliance. So the MSP can offer the managed service role in compliance as a service on a nice recurring revenue basis, using Keepabl as the platform. MSPs can actually start selling and pushing the services that often clients pushed back on before. Read more about how MSPs can benefit from 

GDPR as a Sales Tool

In my opinion, GDPR is the best sales tool that has come along for MSPs in forever. 

Backup and disaster recovery is a classic. Beforehand customers weren’t sure of the legal obligation. Did they need it? Was it necessary? Or was it just good practice. But now, with GDPR there is an obligation to have appropriate security measures in place to make sure you protect the confidentiality, integrity and availability of the information. If you don’t have good backup and disaster recover you are not meeting GDPR obligations.

GDPR gives those conversations that urgency. This is why Keepabl is such a powerful platform. And why it’s so important to the future of managed services as I believe that is along the lines of MSPS helping companies with their business processes and that includes compliance. Read more about how MSPs can benefit from GDPR.

The Future of Managed Services and the Role of Compliance

Margins are being squeezed for small, local MSPs who’s customers are going direct to the cloud to get the services from there instead of via an MSP. The MSPs ability to show value to the customer is difficult, as a lot of what they have done is invisible. So, how can MSPs move away from the traditional model? With the move to the cloud, MSPs are moving into security services and compliance as it has a higher margin. GDPR is the next aspect of that. People will pay for the security aspect, plus they want things to be ‘taken care of’ for them. When customers question GDPR policies, MSPs using Keepabl can ensure the customer continually has really great answers to give those customers and those auditors. 

So What’s Next for Keepabl?

Keepabl is allowing MSPs to sell compliance as a service, which allows them to take really high value recurring revenue. I’ll just finish up by saying, if you’re not having those conversations with your clients, with your prospects, your competitors, it will be something that you cannot ignore. Whatever you reaction to GDPR, it is an opportunity as an MSP. We certainly have a lot of uncertainty as a country with Brexit, but with Keepabl it’s a very exciting time for managed service providers. 

Want to get in touch with Robert? You’ll find all of his contact details in the show notes below.

Mentioned in this episode

• Keepabl
• Totally MSP
• LoopUp
• FinTech Power 50
• Beachhead Solutions
• Wiggan Law Firm
• Datto
• Tresorit
• Techsapiens
• ZedSphere
• DattoCon
• Reply

Contact Robert

Twitter: @RJBaugh
LinkedIn: Robert Baugh
Email: he***@Ke*****.com 

Connect with me

• Subscribe to TubbTalk RSS feed
• Subscribe, rate and review TubbTalk in iTunes
• Subscribe, rate and review TubbTalk on Stitcher Radio
• Subscribe and rate TubbTalk on Spotify
• Follow TubbTalk on iHeartRadio
• Follow @tubblog on Twitter

You Might Also Be Interested In

• Keepabl – Powerful Compliance-as-a-Service for MSPs
• Best Practices for Running a Successful MSP – Live Video 
• Cyber Security for Small Businesses

You might like: