Truemag

  • Subscribe
    • New Subscription
    • Account Updates
    • Customer Service
  • News & Events
    • News
    • Events
  • Advertise
    • Media Kit
    • Reprints
    • Contacts
  • Editorial
    • Podcasts
    • Current Articles
    • Digital Editions
    • eNewsletter
    • Editor’s Desk
    • Edit Calendar
    • Contacts
  • Buyers Guide
    • Search
    • Sponsor Index
    • Vendor Update
  • Annual Software Ranking
    • Ranking Form
    • Annual Software Ranking
    • 2018 Software Ranking File Package

Working Towards the General Data Protection Regulation. Your GDPR Preparation starts with Software Asset Management.

By Ben Eagling

Now that 2018 is here, the countdown to May 25th—the looming enforcement date of the European Union’s (EU) General Data Protection Regulation (GDPR)—doesn’t seem so far away.

Designed to address lapsed areas within the current data protection and security rules relating to the personal data of individuals including names, addresses, phone numbers, account numbers, email and IP addresses, GDPR is dubbed as one of the biggest shake ups to data management.

This new legislation forces any company that holds personal information on EU residents to be fully prepared at all times to respond promptly and comprehensively to any subject access request (SAR) from an individual relating to their data. To prepare, businesses should carefully consider how and where they store data, who is able to access it, and how they are working to protect it from data breaches. Failure to follow any of these basic principles could result in a hefty fine of up to 20 million Euros or four percent of the business’ global annual turnover, whichever is greater.

The Complexities of Preparing for GDPR
Most GDPR preparation guides rightfully touch on server security, software security, and storage security. But what about the role of IT Asset Management (ITAM) in the GDPR update process?

To establish complete data protection compliance in line with GDPR rules, organizations must account for every element within their IT network—ensuring no device, program, software, or user is left undetected.

This process is no easy task for even the most experienced and technically minded staff, particularly considering the surging infiltration of modern digital technologies—Internet of Things (IoT) devices, cloud, tablets, and mobile devices to name a few—into the professional IT estate. While these trends encourage agile and streamlined workflows, the by-product is often a blurred and complicated IT environment where many lack full visibility of their hardware estate let alone what software is installed on them. To make matters more complex, should the company allow employees to bring their own device (BYOD) to work, then visibility of those individual devices and the data they hold is restricted.

In their preparations for GDPR, IT departments and ITAM managers need visibility and control of the organization’s entire IT environment. It is impossible to protect and encrypt what you do not know you have. And this is where Software Asset Management (SAM) comes into play.

Once assets are fully uncovered, licenses tracked, and usage statistics calculated, organizations have a solid foundation for building their GDPR compliance.

Device discovery is the act of tracking IT assets deployed across the network. Delivering a full hardware and software asset inventory is step one in an organization’s SAM journey, but it’s also a major first step on the journey toward GDPR compliance. IT departments will have a set of achievements or must haves when choosing its discovery tool(s), and if mitigating the likelihood of a GDPR breach of non-discovered devices is top of the list, device discovery becomes a valuable, dual-purpose practice.

A spotlight on software is also important. Having a mature SAM program makes it possible to monitor the software each user can access and address whether personal data is necessary for their tasks. This includes both traditional software inventory, or software defined by installation, as well as user-based and subscription software, which is more common now due to BYOD. An audit highlights all devices and key applications being used, making it possible to quickly analyze data and pinpoint potential vulnerabilities. In terms of SAM, users with both direct and indirect access pose a threat to breaking the terms of a licensing agreement, and this can also be the case for GDPR security.

Data lockdown. If personal data is not necessary for business purposes, it should be deleted. If it is necessary, security measures and encryption should be put in place to restrict access only to those who need it. An easy to deploy solution means that data remains secure, which is the top GDPR priority.

Organizations with an established process for managing the software lifespan and a mature SAM solution are at a huge advantage, but technical measures that protect privacy must be incorporated in the design of the IT system. Consider conducting a Privacy Impact Assessment if your organization stores employee or client personal information to demonstrate compliance and detect any problems with privacy.

Compliance Starts Here
Taking steps to improve data privacy and protection is not an optional add on or bonus feature of business, but rather an essential and active area of GDPR compliance. And ITAM plays a vital part in this practice while also saving valuable time and resource. It is worth bearing in mind that simply establishing a SAM solution is not the be all and end all of GDPR compliance, and that continuous work is needed in order to not only discover the full IT estate, but also to keep it up to date—just like business operations, software licensing needs to evolve and mature.

ITAM is a key enabler on your journey to GDPR compliance providing you with complete visibility and a reliable data source to take to your GDPR specialist.

Ben Eagling is the marketing manager for License Dashboard. He has worked as a marketing professional for nine years, with four years spent in the IT sector. Working closely with software and licensing experts within the company, Eagling produces regular content on SAM tools, services, and market insights.

Feb2018, Software Magazine

Nov 8, 2017Olivia Cahoon
Eliminate Fishing Expeditions in 2018Monetization and Cloud Deployment
Product Centrics
TrueNAS Open Source Storage Platform brings Full Windows ACL Support to Linux

Fully featured Windows file system ACLs are well supported in TrueNAS 12.0 (CORE and Enterprise), but not generally supported by Linux. Thanks to some innovation, and sweat from the iXsystems engineering team, TrueNAS SCALE 21.08...

Driving Successful Digital Transformation Initiatives in 2022

Well, the end of the year is the perfect time to reflect on all the past year's activities and plan for the coming year. As we plan for 2022, one thing...

Recovery Platforms

Established in 2013, Imanis Data, previously Talena...

Data Driven Efficiency

Founded in 2003, Tableau is a public software company...

Updated Hitachi CRM

Building Product Manufacturers (BPM) require...

Quick Links
Untitled Document
SW500 SW500 SW500 SW500 SW500
2022 © Rockport Custom Publishing, LLC