Search Mobile-alt Envelope Facebook Linkedin Youtube Bell

For those suffering from GDPR panic – start with SAM

Search Mobile-alt Envelope Bell

Find out more below

For those suffering from GDPR panic – start with SAM

With big changes on the horizon for data protection and security, David Chamberlain, Gen. Manager at License Dashboard discusses SAM's role in complying with GDPR.

Published on 7th March 2018

The countdown toward GDPR is on. Friday 25th May marks the enforcement of the EU’s General Data Protection Regulation, and it’s not just IT and Technology sectors that are looking at a complete shift in culture – this will impact every industry, cloud-based or otherwise, that collects, retains, or processes personal data on EU individuals, regardless of physical business location.

In what is being dubbed as the biggest shake-up to the privacy and security landscape, data management will never be the same, with stringent rules on handling personal data, and the subsequent streamlining of its flow inside the European Union

With the threat of fines of up to 4% of a company’s annual revenue, or €20m (whichever is greater) for non-compliance, the mere mention of GDPR has had some companies quaking in their boots. Indeed, the demand for “accountability” and “transparency” has meant that the often neglected responsibilities that many would assume come as standard in data management are under internal scrutiny. That is, companies are scrambling to reach compliance in time.

Choosing SAM as step one in GDPR compliance

Much of the GDPR advice being published is related to infrastructure – technology management, storage, and server security – which fails to address vital issues surrounding IT Asset Management and Discovery.

After 25th May, if a company is found to be in breach of GDPR, as well as dealing with the fine, there will be questions both internally, and from the GDPR auditors around how the company falls short. The IT Department, or rather the CIO, will be held accountable, and will need to be aware of:

  • How many IT devices the company uses
  • Which users have access to these devices
  • All software/apps deployed on these devices
  • Whether these devices are encrypted and how

GDPR means that data privacy and security is no longer an optional add-on, nor a “nice-to-have”, but an essential part of businesses processes. In order to answer these demands, IT leaders must invest in broader SAM competency and appropriate solutions and services from internal or third-party providers. Companies that suffer a data breach may not even be aware the source of the breach even existed on their network, but a mature SAM process prevents that scenario.

You can’t protect what you don’t know you have

IT Asset Management is a key enabler on the journey to GDPR compliance. It offers full visibility of a company’s IT network as well as a reliable data source to present to a GDPR specialist, and as such, the IT department should now be using it to lead the way in developing a resilient data protection strategy.

Tracking IT Assets: Device discovery will provide a complete hardware and software asset inventory across the network. This is a key part of any Software Asset Management process, but crucially, it paves the way toward GDPR compliance. When choosing its Discovery tool, IT departments can ensure that their shortlist takes GDPR into account, meaning their chosen tool will mitigate the likelihood of non-discovered devices.

Monitoring access: A mature SAM programme will account for all software and all user access including traditional software inventory, and software-defined by installation, as well as user-based and subscription software (which is all the more common now due to BYOD). An up-to-date audit will reveal and pinpoint potential vulnerabilities in security, taking into account both direct and indirect access, and address whether any personal data is necessary to complete their tasks.

Locking down data: If the personal data being stored is not necessary for any business purpose, access should be removed, or the data erased altogether. Data encryption and security measures can be put in place if it’s necessary to continue to store the data, meaning only those who truly need access have it. Privacy is confirmed, data is secured, and the number one GDPR priority is met.

Define GDPR policies and procedures by implementing SAM

Software asset management has long been touted as essential in making informed business decisions around IT budgeting and spending within the business as a whole. But the nature of effective SAM means that it exposes flaws in a company’s knowledge of its IT network, highlights potential weak links that could reveal insufficient software licensing, or worse – gaps in security and privacy.

SAM is not a quick-fix, but the processes involved make it dual purpose. And although full GDPR compliance before the 25th May deadline seems like a huge task, having evidence of the efforts made to reach GDPR compliance shows a robust, risk-based approach to data security and privacy.

Source

https://www.readitquik.com/articles/security-2/for-those-suffering-from-gdpr-panic-start-with-sam/

Search
Follow us on social media
Facebook Linkedin Youtube
Get the latest updates
Subscribe here
Copyright © EasySAM 2024

The latest updates straight to your inbox

We just need a few details to get you subscribed

More info

Health Checks

SAMplicity 365 Lite

A simple health check of what's being used across your Office 365 estate in this FREE, Microsoft backed and easy to setup review.

SAMplicity MOT

Just like you would with your vehicle each year, get an annual check up of your software asset management programme.

SAMplicity Process

Overwhelmed by the task of documenting the steps for a successful SAM programme? Get the experts in to help!

SAMplicity Tool Check

Concerned your SAM tools aren't covering your whole estate? Or on the look out for an entirely new tool? Get us in to assist.

Inventory & Compliance

SAMplicity Discovery

Not content with covering all things SAM related, we've teamed up with Capital to provide a comprehensive hardware asset management review.

SAMplicity One

A simple, one-time reconciliation of the software you have deployed versus the licence entitlement you own.

SAMplicity Plus

A regularly scheduled analysis of your organisation's estate, specifically adapted to your needs and budget.

Cloud Readiness & Optimisation

SAMplicity 365

A full appraisal of your Microsoft 365 setup and how best to optimise it through automated recommendations.

SAMplicity Cloud

An add-on to our SAMplicity One, MOT and Plus offerings, quickly diagnose your ability to migrate your resources to the cloud.

Agreement & Audit Support

SAMplicity Contract

In collaboration with law firm Addleshaw Goddard, ensure the legality of your SAM programme and get assistance with any contract disputes.

SAMplicity Response

Available as standard with SAMplicity Plus, ensure you're compliant if you're unexpectedly audited by a vendor.

Learning

SAMplicity Academy

We've teamed up with some of the forefront experts in licensing knowledge so you can teach yourself to be an expert too.

SAMplicity Training

Stumped by the continually evolving complexities of SAM? Join us for one of our comprehensive courses, either in-person or online.

View all services

Addleshaw Goddard

Block 64

Capital

Flexera

ITEXACT

Ivanti

License Dashboard

Licensing School

Raynet

Snow Software

TBSC

View all partners

What is SAM?

Services

Partners

Blog

Events

Knowledge Base

News

Contact Us

Login

Mobile-alt Envelope Facebook Linkedin Youtube Bell

Looking for something specific?

Let's see what we can find - just type in what you're after

Wait! Before you go

Have you signed up to our newsletter yet?

It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!

Subscribe here

Cookie Notice

Our website uses cookies to ensure you have the best experience while you're here.

Accept
Reject