Can digital transformation, IT security and GDPR compliance all be prioritised? by Natasha Bougourd from TSG


Digital transformation is still a hot topic in both the business and technology world, but many business leaders are unclear on how to enact it. There’s a misconception that digital transformation is about splashing the cash on technology that has a lot of bells and whistles, or that it’s only for large enterprises. This couldn’t be further from the truth.

Another mistake people make when it comes to digital transformation is to consider it impossible without a large in-house IT team. Whilst it’s imperative to have IT representatives at the highest level in your business in order to drive true digital transformation, reducing the burden of an in-house IT team could actually allow your business to focus on innovation and growth.

Businesses are increasing the amount of IT services that they outsource, as well as increasing spend on outsourcing (Computer Economics). Unsurprisingly, the fastest-growing area for outsourcing is IT security; 47% of respondents plan to spend more on outsourced IT security services.

The shift towards outsourcing IT security makes sense with the ever-increasing cyberthreat landscape. Highly-skilled cybersecurity experts are hard to come by – a record 51% of organisations say they’re experiencing a “problematic shortage” of cybersecurity specialists (ESG). However, managed IT service providers are guaranteed to hire more of these specialists. Instead of struggling to hire an in-house cybersecurity whizz, particularly if you’re a small-to-medium-sized business, why not tap into the resources of your IT support provider? It’ll undoubtedly have a wide skillset simply because it’s their job to have one in order to serve its customers.

Another area businesses are considering outsourcing is their GDPR compliance. It makes sense, as the two go hand-in-hand; cybersecurity is critical to ensuring compliance with the General Data Protection Regulation, with fines expected to be dished out for a lack of security implementation in the event of a data breach.

As a data controller, you can’t escape implementing internal policies and procedures that set out the way you collect and process Personally Identifiable Information (PII). But your managed IT services provider can help you understand the best security measures not only for your data, but to protect your business against all kinds of malware and hacker activity. 

The good news is, if you’re a smaller organisation, you can outsource the GDPR-mandated role of Data Protection Officer (DPO). For a long time, there was confusion around whether small businesses – defined as those with fewer than 250 employees or 5000 records – required a DPO, but the Information Commissioners’ Office (ICO) cleared this up by stating there was no exemption for SMEs. However, rather than requiring an increase in headcount, small businesses could appoint the DPO responsibilities to an existing employee or, more realistically, outsource the role of DPO and even ‘share’ a DPO with other small organisations.  

This not only aids businesses in their GDPR compliance, but can save a significant portion of your budget; one of the biggest benefits of outsourced IT. You shouldn’t, of course, outsource your IT support services solely for cost-saving purposes, but if done correctly, outsourcing can allow your business to grow through freeing up resource to focus on transformation. M&S has recently outsourced a large portion of its IT support as part of its 5-year Technology Transformation Programme; however, the business retained a smaller in-house team, demonstrating that outsourcing doesn’t mean getting rid of your entire IT department.

There are also some risks to consider too. Outsourcing certain IT projects – for example, the implementation and support of your CRM solution – means there’s an additional party with access to sensitive data, which could potentially increase your business’ attack surface. To mitigate this, it’s important to choose an IT services provider that is fully committed not only to its own GDPR compliance, but to the compliance of its customers too. A high-quality IT support company will have in place the most sophisticated technologies to protect its data and yours – technologies that you could take advantage of as a customer.

Many businesses are also concerned about the response times associated with remote, outsourced IT support teams. It’s understandable, as depending on the level of staff you retain, your IT helpdesk could very well be situated in an office hundreds of miles away. However, IT support services are ever-evolving, with many businesses offering remote services with unlimited telephone support. Some are so sophisticated that they’ll designate a support agent to be on-site with you every day. This again depends on the business that you’re dealing with; if they’re hard to reach, you might not want to entrust them with your business-critical systems that need immediate attention.

IT support is at a crossroads; it’s vital to the performance of any business with our ever-increasing reliance on technology. But for many it’s expensive, time-consuming and only exists out of necessity rather than innovation. Outsourcing IT services, and in particular IT support and IT security can take this off your business’ plate and allow you to focus on the ambitious transformational targets that will set your business apart from the competition. 

With GDPR and break-fix IT support considered a burden by many organisations, outsourcing could well be the answer. There are some careful considerations to make, however; your decision to outsource some or all of your IT shouldn’t be based on saving money alone. You need to ensure you choose a robust and established IT support provider that follows best practice rules. The benefits, such as cost-savings and a wider talent pool should be weighed against the potential downfalls, like an additional third-party business accessing your data or unworkable response times. With more businesses than ever outsourcing IT support, it’s time this became a real consideration.

About the author:

Natasha Bougourd is TSG’s Lead Applications Writer, specialising in business IT support, Office 365, Dynamics 365 and business intelligence. 

is an IT support company that has expertise across a wide range of technologies and has helped businesses achieve GDPR compliance through the use of technology. From Office 365 to Sage and Pegasus ERP solutions to IT support, infrastructure and cyber-security solutions, TSG has a highly-skilled workforce working across all areas of business tech. Holding 8 Microsoft Gold competencies, TSG places focus on a highly-skilled and qualified workforce with over 1000 recognised accreditations between its team of experts, including MSCE Certifications, Prince2 and ITIL qualifications.

June 7, 2018


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023