Don’t panic but your GDPR preparations may be a waste of time
Every day we are bombarded by emails about conferences, advisors, training courses and other offers to help business managers comply with GDPR. In general they are well meaning and mostly offer sound advice however if your own IT asset inventories are incorrect then you have a problem. No amount of outside help is going to remove the risk of you not knowing what devices hold which software applications, databases, and therefore what data and who uses it.
The fact is most organisations cannot provide an accurate list of all their devices and applications making GDPR compliance impossible. If this level of accuracy was known there would be no need for software licensing audits or assessments. In many cases the servers and datacentres are the resources which have the least visibility and the advent of cloud platforms and hosted services is making it even harder to track IT applications.
The question is how can you validate your IT asset inventories when you have so little time before GDPR is with us? The answer is quite simple – perform an agentless scan and validate the list of servers and other devices and an inventory of key database applications. It will take a few days but once complete this list can be compared to what is already known and protected.
Remember, also if you don’t know where all your IT assets are then a hacker may find them for you.
For further details about agentless scanning and our whitepaper on GDPR discovery click here or contact firstname.lastname@example.org.