The General Data Protection Regulation (GDPR), which took effect on May 25, 2018, is a privacy regulation aimed at protecting the personal data of EU residents. The GDPR defines personally identifiable information (PII) as any data that can be used to identify an individual, either alone or in conjunction with other data. If an organization gathers personal data from EU residents, they must comply with the GDPR regardless of where they are situated.
In this context, MSPs are likewise subjected to the GDPR because they collect, store, and handle PII. Personal information that MSPs deal with on a regular basis includes:
Control, monitor, and password protect all file exports
Maintain a complete, tamper-proof, and delete-proof log of all actions on personal data
Mark a data field as PII to quickly identify PII from other data when adding an additional field to a template.
The right to be forgotten is one of many rights granted to individuals by the GDPR. Users can therefore request that an organization remove all of their personal information, or anonymize it if doing so would interfere with company operations or legal requirements. To honor their right to be forgotten, you may now anonymize users' names and totally remove all of their PII in ServiceDesk Plus MSP.
One of the critical aspects of the GDPR is the protection of sensitive data. ServiceDesk Plus MSP now offers the option to encrypt sensitive information that is collected and stored from Request Additional Fields. Picklist fields, multiple-line fields, and single-line fields can all be encrypted.
Any unauthorized attempt to open or restore the backup file for ServiceDesk Plus MSP will fail as it will be password protected while setting up the backup process itself.
Data on users who have been removed from the application can be made anonymous via the Deleted Users view. Even after users and their PII are removed from the application, a record of all user actions is retained in the system for future audits.