The General Data Protection Regulation (GDPR) is a game changer in the data privacy and protection arena. This regulation aims to give European Union (EU) residents rights over what, how, why, where, and when their personal data is used. Looking past the hefty fines for noncompliance (€20 million or four percent of your annual turnover), you can probably tell that the GDPR is focused on protecting residents' fundamental rights to privacy.
It's not just for European companies. It's for companies all over the world.
According to Forrester, "Every organization, regardless of its location, doing business with EU customers will need to make changes to its oversight, technology, processes, and people to comply with the new rules." So if you think the GDPR doesn't apply to you because your business is based outside the EU, you may be wrong.
Data privacy: it's about to get more personal.
The GDPR clearly defines what is included in the scope of personal data, which is referred to as personally identifiable information (PII). PII includes any data (on its own or included with any other information) that can be used to identify an individual. This puts a lot of information that many companies collect on a daily basis on the GDPR's radar.
GDPR compliance: it's not just the legal department's job.
Because this regulation has legal implications, many departments in an organization assume that only the legal team is liable for handling GDPR compliance, but this is a misconception; attaining GDPR compliance is an impossible task if not shared throughout your business. Each department collects, processes, and stores different types of personal data, which requires a thorough understanding of how data flows within each of these departments to even begin preparing for GDPR compliance.
How this affects service desks.
IT service desks constantly deal with personal data. For example, service request templates invariably require a first name, last name, email, and phone number. That puts all IT service desks that collect, process, or store personal data of EU residents under the GDPR's scrutiny and dictates the need for a proper compliance program for IT service management.
The road to GDPR compliance.
The first step to GDPR compliance is identifying all the personal data collected, processed, or stored by your IT service desks. Once you've tackled that, you'll be able to understand how this data is used within your organization. Once you've mapped the journey of personal data through your ITSM workflows, it's only a matter of time before you realize you need a tool that can help you comply with the GDPR.
Of course, this is all easier said than done.
That's why our director of product management, Rajesh Ganesan (@rajesh05), will break down the nuances of the GDPR for you and provide you with the actionable steps required to create your plan for GDPR compliance. He'll also demonstrate how ManageEngine can help you get prepared.