ITSM in 2019: Are You Ready for GDPR?

Share on linkedin
Share on facebook
Share on twitter

The General Data Protection Regulation is already affecting companies worldwide

The General Data Protection Regulation, or GDPR, went into effect in May 2018. This comprehensive new set of rules is intended to protect the private information of European Union (EU) citizens, wherever they are in the world. This has significant implications for any company that does business with EU citizens, wherever that company is located.

GDPR: What It Is and Why It Matters

GDPR officially took effect on May 25. It is designed and intended to protect the personally identifiable information (PII) of European Union (EU) citizens, wherever those citizens happen to be in the world. This means that no matter where your business is located, if you do business with EU citizens, your business must comply with GDPR, and be able to demonstrate compliance in response to regulator demands.

Under GDPR, every organization that touches EU PII is either a “controller” or a “processor.” Basically, controllers are considered “owners” of the data, while processors process the data on behalf of controllers, but do not own it. And controllers can be held liable for lapses in PII security caused by processors working with them. This is why controllers and processors typically work under Data Processing Agreements that spell out the specifics of the processes and security measures in place.

Whether your business is a controller, a processor, or both, penalties for non-compliance with GDPR are huge. The lowest-tier penalty is two percent of your business’ global annual revenues, or 10 million Euros, whichever is higher. There is a second, higher tier as well. At that level, Each GDPR violation can cost as much as four percent of your business’ global annual revenues worldwide, or 20 million Euros, whichever is higher. Regulators have reportedly indicated that bans on violating businesses are possible as well.

GDPR in 2019: Here Come the Penalties

Every EU member state has a Data Processing Authority (DPA) responsible for enforcing GDPR. Businesses are expected to self-report breaches that could threaten EU PII to their DPA within 72 hours of discovering the breach.

The DPA for the United Kingdom (UK) is the Information Commissioner’s Office (ICO). In April 2018, the month before GDPR took effect, the ICO received reports of 367 breaches. In June, the first full month after GDPR took effect, the ICO received 1,792 such reports.

Not all breaches are GDPR violations, but some are very likely to be. And with violations will come fines, bans, and reputational damage. Great reasons to minimize breaches and maximize PII control, security, and transparency at your business.

GDPR: How Best to Prepare?

It almost doesn’t matter whether your business is a GDPR controller, processor, or both. GDPR still represents a clarion call to all IT decision makers to devote serious attention to knowing where, when, and why PII traverses any part of their business’ IT estate.

The knowledge you need starts with whatever your business knows about the core of its IT infrastructure. This includes your endpoint devices, your servers, your cloud-based services, and your most critical applications. You also need to be able to map and track the interconnections that link all of those elements to one another and to your users.

To achieve and maintain the knowledge you need, you need four enablers – effective IT asset management (ITAM), IT service management (ITSM), a configuration management database (CMDB), and interoperability among all three. Your ITAM and ITSM solutions can map and track what’s in your IT infrastructure. The CMDB is your key to mapping and tracking the relationships among your infrastructure elements and users.

All of these solutions must also be closely harmonized with cyber security initiatives at your business. (A recent webinar co-hosted by Virima and follow-up address the bringing together of IT and cyber security operations and management in detail.)

GDPR is just the latest high-profile effort to protect PII and punish those who fail to do so. More such regulations are coming, during and beyond 2019. Protection for your business begins with the technologies and processes that govern its IT and cyber security operations. If your business hasn’t yet begun pursuing ITAM, ITSM, or CMDB deployment, it may now have sufficient inducement to do so.

Get Your IT Management “GDPR-Ready” with Virima

Virima’s solutions for IT asset management (ITAM) and IT service management (ITSM) can help you need protect the PII of your customers and users, and your company. Virima solutions can automatically discover and map your critical IT resources and the interconnections that link them to one another, your applications and services, and your users. In addition, they’re built to be easy to use and configure, and to produce useful, actionable reports about your IT environment, for IT managers and business decision makers. These features can help you and your IT management team comply with GDPR and other regulations, and maximize the flexibility and security of your IT estate.

Learn more about Virima’s IT and service management solutions online, or contact Virima today. Let us help your business meet and exceed the requirements of GDPR.

Share on linkedin
Share on facebook
Share on twitter

Subscribe to Our Newsletter

More to Explore

To understand the business value of service mapping, it’s important to shift to a service delivery mindset, rather than thinking about delivering infrastructure, equipment, software, and applications. Defining services is relatively simple if thought of as the commoditization of what’s…

Service mapping - the area of configuration management that perplexes so many IT professionals, yet that which provides the highest value in Configuration Management Database (CMDB) projects. There are several major reasons IT gets stopped when it comes to service…

The world of service management has changed as technology has shifted from providing tools for administrative support to being fully embedded in the delivery of the business’ core function. There’s a world of difference between using an accounts payable system…

The Configuration Management Database (CMDB) provides a single database that contains information about the enterprise’s assets, both logical and physical. In modern service management platforms, it provides core functionality that is referenced by all of the service management practices, including…

The importance of discovery comes from what it provides to the users of the Configuration Management Data Base (CMDB): trustworthy data and greater speed to value. Without discovery, the CMDB is built by feeds and data entry, which can lead…

There is an old saying that you can’t manage something unless you can measure it. Asset discovery can provide you with accurate and up-to-date data and information about everything you use in IT. You can then develop metrics using the…

Atlanta, Mar 19, 2020 (Issuewire.com)  - Virima Technologies Inc, a provider of CMDB, Discovery, IT Asset Management and IT Service Management (ITAM & ITSM) solutions, today announced that it has recently completed its Service Organization Controls 2 (SOC 2) examination under the Statement…

The most significant ServiceNow CMDB best practice is having a system with data you can trust.  ServiceNow will tell you that your stakeholders will tell you that and IT service management (ITSM) professionals will tell you that.  Achieving high-quality configuration…

CMDB - configuration management database - value potential is undisputed, you need to be careful and not blindly jump into implementation without having a clear plan in place about how this powerful tool will be used within your organization.  Here…

The past decade has introduced a tremendous change in the IT industry.  If you were to compare your IT ecosystem today with how it was ten years ago, you would likely find it hard even to recognize that you’re looking…