The countdown toward GDPR is on. Friday 25th May marks the enforcement of the EU’s General Data Protection Regulation, and it’s not just IT and Technology sectors that are looking at a complete shift in culture – this will impact every industry, cloud-based or otherwise, that collects, retains, or processes personal data on EU individuals, regardless of physical business location.
In what is being dubbed as the biggest shake-up to the privacy and security landscape, data management will never be the same, with stringent rules on handling personal data, and the subsequent streamlining of its flow inside the European Union
With the threat of fines of up to 4% of a company’s annual revenue, or €20m (whichever is greater) for non-compliance, the mere mention of GDPR has had some companies quaking in their boots. Indeed, the demand for “accountability” and “transparency” has meant that the often neglected responsibilities that many would assume come as standard in data management are under internal scrutiny. That is, companies are scrambling to reach compliance in time.
Much of the GDPR advice being published is related to infrastructure – technology management, storage, and server security – which fails to address vital issues surrounding IT Asset Management and Discovery.
After 25th May, if a company is found to be in breach of GDPR, as well as dealing with the fine, there will be questions both internally, and from the GDPR auditors around how the company falls short. The IT Department, or rather the CIO, will be held accountable, and will need to be aware of:
GDPR means that data privacy and security is no longer an optional add-on, nor a “nice-to-have”, but an essential part of businesses processes. In order to answer these demands, IT leaders must invest in broader SAM competency and appropriate solutions and services from internal or third-party providers. Companies that suffer a data breach may not even be aware the source of the breach even existed on their network, but a mature SAM process prevents that scenario.
IT Asset Management is a key enabler on the journey to GDPR compliance. It offers full visibility of a company’s IT network as well as a reliable data source to present to a GDPR specialist, and as such, the IT department should now be using it to lead the way in developing a resilient data protection strategy.
Tracking IT Assets: Device discovery will provide a complete hardware and software asset inventory across the network. This is a key part of any Software Asset Management process, but crucially, it paves the way toward GDPR compliance. When choosing its Discovery tool, IT departments can ensure that their shortlist takes GDPR into account, meaning their chosen tool will mitigate the likelihood of non-discovered devices.
Monitoring access: A mature SAM programme will account for all software and all user access including traditional software inventory, and software-defined by installation, as well as user-based and subscription software (which is all the more common now due to BYOD). An up-to-date audit will reveal and pinpoint potential vulnerabilities in security, taking into account both direct and indirect access, and address whether any personal data is necessary to complete their tasks.
Locking down data: If the personal data being stored is not necessary for any business purpose, access should be removed, or the data erased altogether. Data encryption and security measures can be put in place if it’s necessary to continue to store the data, meaning only those who truly need access have it. Privacy is confirmed, data is secured, and the number one GDPR priority is met.
Software asset management has long been touted as essential in making informed business decisions around IT budgeting and spending within the business as a whole. But the nature of effective SAM means that it exposes flaws in a company’s knowledge of its IT network, highlights potential weak links that could reveal insufficient software licensing, or worse – gaps in security and privacy.
SAM is not a quick-fix, but the processes involved make it dual purpose. And although full GDPR compliance before the 25th May deadline seems like a huge task, having evidence of the efforts made to reach GDPR compliance shows a robust, risk-based approach to data security and privacy.
Pexels
"*" indicates required fields
Software Asset Management is a business practice that involves managing and optimising the life cycle of software within an organisation.
Software asset management is relevant to many facets of a business - take a look at some of the roles that it can form part of the focus of.
Software vendors come in all shape and sizes - all with their own set of licensing models and rules. We take a look at just a few of them.
As a constantly evolving subject, SAM is not without its challenges. We take a look at some of the most common ones.
Wondering what an investment in SAM could do for your business? Fill out a few details and find out what return you could get!
Answer a few questions about your SAM infrastructure & experience, and we'll put together a personalised recommendation for the future.
A simple health check of what's being used across your Office 365 estate in this FREE, Microsoft backed and easy to setup review.
Just like you would with your vehicle each year, get an annual check up of your software asset management programme.
Overwhelmed by the task of documenting the steps for a successful SAM programme? Get the experts in to help!
Concerned your SAM tools aren't covering your whole estate? Or on the look out for an entirely new tool? Get us in to assist.
Not content with covering all things SAM related, we've teamed up with Capital to provide a comprehensive hardware asset management review.
A simple, one-time reconciliation of the software you have deployed versus the licence entitlement you own.
A regularly scheduled analysis of your organisation's estate, specifically adapted to your needs and budget.
A full appraisal of your Microsoft 365 setup and how best to optimise it through automated recommendations.
An add-on to our SAMplicity One, MOT and Plus offerings, quickly diagnose your ability to migrate your resources to the cloud.
In collaboration with law firm Addleshaw Goddard, ensure the legality of your SAM programme and get assistance with any contract disputes.
Available as standard with SAMplicity Plus, ensure you're compliant if you're unexpectedly audited by a vendor.
We've teamed up with some of the forefront experts in licensing knowledge so you can teach yourself to be an expert too.
Stumped by the continually evolving complexities of SAM? Join us for one of our comprehensive courses, either in-person or online.
It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!