GDPR and the implications for ITAM Managers

BASINGSTOKE, U.K. - Oct. 19, 2017 - PRLog -- What is GDPR?

The EU General Data Protection Regulation (GDPR) will be implemented in the European Union (EU) on 25 May 2018, when it supersedes the 28 current national data protection laws.

The aim of GDPR is to strengthen individuals' privacy and security rights, as well as to simplify the flow of personal data in the EU. It applies to any organisation, whether or not it is based in the EU that collects, retains or processes the personal data of EU individuals. It will be a key requirement for organisations to ensure that personal data held is secure, and to prevent data breaches through encryption measures.

Why is GDPR important?

If in breach of the Regulation, organisations can expect fines of up to 4% of their annual global turnover or €20 million. These are significant increases on existing penalties. In many cases, if the fines are applied in full it could mean a significant threat to the future of an organization.

Does Brexit mean the UK does not have to comply?

Although the UK voted to leave the EU the GDPR will still apply. Firstly, the UK will still be an EU member when GDPR comes into force; and secondly, GDPR contains an extraterritoriality clause. This means that any data processor handling EU citizen data is within scope of GDPR, irrespective of the geographical location of the data processing. So if an organization handles data on EU citizens and organizations, or sells services, such as cloud and datacentre hosting, they will need to comply with the EU rules. It is also expected that the UK will permanently adopt similar rules in order to facilitate data transfer between countries.

What is the impact of GDPR on ITAM/SAM Manager?

ITAM managers will need to play a crucial role in ensuring their organizations are GDPR compliant. Quite simply it is essential to know what devices are deployed, where they are and what software they can access. Without this information data cannot be protected.

Here is a checklist for ITAM managers contributing to GDPR compliance:

• Know what devices are deployed and where they are. Having discovery agents on 80% of an estate means 20% are potentially the greatest biggest risk. An agentless scan can be a fast and effective way to fill the gaps in asset knowledge of devices and what software is installed.
• Know who uses what. It is not good enough to know just your soft inventory. Knowing who has access to key software applications and data and who actually uses key applications will enable the tracing of users in the event of a security breach A large proportion of security breaches are internal, either deliberate or through negligence. Deploying a software usage tracking and analysis tool will identify who is responsible for a data breach and in some cases enable preventative measures.
• Encrypt devices, portable media and mobile phones. If an encrypted device is mislaid or stolen the information residing on it is protected. A managed encryption service is quick and easy to deploy and provides data security in the event of a security breach.
• Protect confidential ITAM data. ITAM managers keep sensitive information about staff, suppliers and contractual terms. These must be secured as GDPR affects companies and other organizations, not just individuals.

The Business Software Centre (https://businesssoftwarecentre.com/free-discovery-and-inv...)  are offering free tools to assist you to gain a better visibility of your inventory. The scans can be tailored to your requirements and we need to confirm your eligibility with a short call. (*) GDPR discovery is a quick and simple solution for creating an inventory of your organisations IT assets.Key features include:


• Agentless scanning and discovery of IT assets on your network
• Inventories of devices, operating systems and hardware
• Records both physical hosts and virtual servers
• Details of peripheral devices and printers capable of holding documents
• Compatible with Windows, Macs, Unix, Linux, VMware, mobile devices
• Rapid scanning to complete an inventory in a few days
• Options for continuous scanning to report changes and updates
• Highlighting of unknown devices not categorised in "known" operating systems
• Links to a managed encryption service for device and data protection

Reduce the data security risk of your organisation's devices with a comprehensive inventory report of your IT Assets. Don't take a chance – run your GDPR discovery before it is too late.