The Data Protection Gap- Is ITAM The Problem Area?
Data breaches are on the rise and information that goes missing from a device represents a big risk. Can you afford to take the risk?
There is just 12 months left to comply with General Data Protection Act (GDPR), all organisations over the world that process the personally identifiable information of EU residents will be required to abide by several provisions or face significant penalties.
The Regulation mandates considerably tougher penalties than the Data Protection Acts: breached organisations can expect fines of up to 4% of annual global turnover or €20 million – whichever is greater. Fines of this scale could very easily lead to business insolvency and, in some cases, closure.
Data breaches are commonplace and increase in scale and severity every day. As Verizon’s 2016 Data Breach Investigations Report reaffirms, “no locale, industry or organization is bulletproof when it comes to the compromise of data”, so it is vital that all organisations are aware of their new obligations so that they can prepare accordingly.
If you don’t know what devices you have and what applications and data is stored on them then you need to make plans to find out. Once you have identified where personal data resides and who has accessed you can start to take steps to comply with GDPR and secure your data.
As the IT asset manager, you are responsible for your entire organisations inventory of IT hardware, so you are asked by the C Level about:
- How many devices (PCs, laptops, servers, mobiles) does the organisation own?
- What members of staff have access to them and where are they?
- What software is installed on the devices and which applications are actually used and by who?
- Do the devices all have data encryption installed?
Would you, the ITAM manager be able to confidently and accurately answer those questions? It is not uncommon for organisations to suffer a data security breach on a device and not even know about it.
ITAM managers will need to play a crucial role in ensuring their organizations are GDPR compliant. Quite simply it is essential to know what devices are deployed, where they are and what software they can access. Without this information data cannot be protected. With an understanding of your compliance gaps, data inventory and mapping, you will be in a position to assess your personal data risks and develop prioritised remediation plans.
If you are interested in more details about GDPR, click here to requesting our whitepaper on GDPR and the implications for ITAM Manager or for a free overview of how to start to comply with GDPR.