Impact of GDPR on IT service desks for MSPs

Learn how ServiceDesk Plus MSP can help you become GDPR-ready.
GDPR impact on service desk

The General Data Protection Regulation (GDPR), which took effect on May 25, 2018, is a privacy regulation aimed at protecting the personal data of EU residents. The GDPR defines personally identifiable information (PII) as any data that can be used to identify an individual, either alone or in conjunction with other data. If an organization gathers personal data from EU residents, they must comply with the GDPR regardless of where they are situated.

In this context, MSPs are likewise subjected to the GDPR because they collect, store, and handle PII. Personal information that MSPs deal with on a regular basis includes:

  • Names, residential addresses, phone numbers, and email addresses of customers and staff members.
  • Staff information, including current role, department, and employment history.
  • Account, incident, service request, problem, and change records containing users' names, designations, seating locations, etc.
  • Identifiable information about devices issued to staff, like IMEI numbers for mobile phones.
  • Details about technological support provided to customers or staff. For example, information on any assistive technology (e.g. screen readers, speech-to-text technology) used by differently-abled employees.

What should MSPs do to prepare for GDPR compliance?

GDPR compliance for data collection

Data collection

  • Mark fields in the service desk tool that store personal data
  • Encrypt fields in the service desk tool that store personal data
GDPR compliance for file exports

File exports

Control, monitor, and password protect all file exports

GDPR compliance for audit logs

Audit logs

Maintain a complete, tamper-proof, and delete-proof log of all actions on personal data

How does ServiceDesk Plus MSP help you begin your GDPR journey?

PII fields in templates

PII fields in templates

Mark a data field as PII to quickly identify PII from other data when adding an additional field to a template.

Fulfill users' right to be forgotten GDPR right to be forgotten

Fulfill users' right to be forgotten

The right to be forgotten is one of many rights granted to individuals by the GDPR. Users can therefore request that an organization remove all of their personal information, or anonymize it if doing so would interfere with company operations or legal requirements. To honor their right to be forgotten, you may now anonymize users' names and totally remove all of their PII in ServiceDesk Plus MSP.

Encrypt sensitive data

Encrypt sensitive data

One of the critical aspects of the GDPR is the protection of sensitive data. ServiceDesk Plus MSP now offers the option to encrypt sensitive information that is collected and stored from Request Additional Fields. Picklist fields, multiple-line fields, and single-line fields can all be encrypted.

Utilize password protection for backup data

Utilize password protection for backup data

Any unauthorized attempt to open or restore the backup file for ServiceDesk Plus MSP will fail as it will be password protected while setting up the backup process itself.

Anonymize deleted users Anonymize deleted users data

Anonymize deleted users without losing the log of all actions

Data on users who have been removed from the application can be made anonymous via the Deleted Users view. Even after users and their PII are removed from the application, a record of all user actions is retained in the system for future audits.


Stay ahead of GDPR regulations: Upgrade to ServiceDesk Plus MSP's latest version today!

Download now