In this e-book, we'll explore in detail the role of the IT service desk in the context of the GDPR, how the GDPR impacts IT service desks, and how to build a compliance program for IT service desks.
The GDPR and ITSM
Implemented on May 25th, 2018, the GDPR is a regulation drafted by the EU to protect the privacy of EU residents. It brings together a set of rules that provides these individuals with rights over their personal data.
IT service management (ITSM) sits at the heart of every IT infrastructure, providing the IT support businesses need to achieve their goals.
Key aspects of the GDPR in the context of ITSM
Personal data - Any information relating to a data subject (an identified or identifiable natural person).
Person - Name, Phone, Email, Company, Designation, Address and Location.
Access - Login ID
Asset - IP Address, MAC Address, IMEI, UDID
Who are the key players?
Data controller - A person who decides how personal data is going to be processed.
Data processor - A person who processes data on behalf of the controller.
Are you using IT service desk applications?
You could be both the data controller and the data processor if you use on-premises applications.
You are the data controller while the cloud vendor is the data processor if you use cloud applications.
What are the key data subject rights under GDPR?
Right to access
Right to be forgotten
Right to rectification
Right to data portability
Right to object
Right to restriction of processing
What are the key aspects of ITSM influenced by the GDPR?
Here are the 8 key aspects of how GDPR impacts ITSM:
User management: Manage users, create user roles and groups, manage access privileges, and maintain an accurate database of all users.
Request management: Maintain channels for raising requests, facilitate request fulfillment, and manage the complete request life cycle.
Change management: Update an old system (e.g. patching or software upgrades), or create a new system (e.g. setting up a data center).
Asset management: Commission, maintain, decommission, and take inventory of IT assets.
Reporting: Measure the performance of the IT service desk, and continually improve productivity.
Notification and communication: Streamline the constant flow of information moving in and out of the IT service desk.
Maintenance activities: Track and maintain the list of necessary, repetitive tasks that address the overall health of your IT infrastructure.
Integrations: Seamlessly integrate with other tools used in your organization to implement a change or fulfill a request.
What are the IT service desk practices that could compromise data privacy?