The GDPR and IT Asset Management: Don’t wait until 2018 to make sure your IT assets are ready

Nick_Rendall Respected Contributor.



Hopefully you are familiar with the IT impacts of the General Data Protection Regulation, more commonly known as GDPR. This new regulation out of the EU takes effect May 25th, 2018, and will permanently impact how data is managed and stored by companies. It has been compared to the Sarbanes-Oxley Act in terms of global impact on business, even on countries not in the European Union. Any company that handles GDPR-affected data, not just companies based in the EU, will have to comply with the new GDPR standards for data usage, protection, collection, and management. When I recently attended the largest global ITAM conference (IAITAM ACE) in May, GDPR was at the top of the list of topics discussed, clearly for good reason!

While this change will mean greater data protection for EU citizens, it has companies scrambling to make sure they are compliant before the effective date next spring. The penalties for breaching the new regulations are severe: the maximum fines are up to four percent of annual revenue or €20M (whichever is greater). However, the penalties are tiered, and less serious penalties have lower fines.

The majority of the technological focus for GDPR preparation and transformation has revolved around storage and server security or software security and infrastructure management, as it rightfully should. But what about the role of IT Asset Management and Discovery in the GDPR transformation process? It is a crucial piece of the GDPR puzzle, and should be considered as important as any other step in preparation.

For example, let’s fast forward to 2018 and pretend there has just been a security breach at your company, and the senior management team and GDPR auditors are looking for answers. If you are an asset manager, you will be responsible for understanding:

  • What devices you have
  • Who has access to these devices
  • Where they are
  • What software and applications are installed on them
  • If they are encrypted

It could lead to a breach in GDPR data protection if you can’t answer questions about these criteria!

You cannot protect and encrypt what you do not know you have

This process starts with comprehensive discovery of hardware and software assets, and the complexities of discovering software licenses make this process even more difficult. Few large enterprises today have 100 percent visibility into the devices they use, particularly when it comes to knowing who has access to them and what software and applications are installed. The larger the percentage of devices that are not discovered correctly, the greater the risk of a breach of GDPR regulations. Micro Focus Universal Discovery offers agentless, agent-based, or hybrid discovery capabilities to maximize the breadth and depth (particularly around SAM) of the asset information gathered, in the manner most efficient for your organization.

Once your assets are discovered, using an asset management tool to track usage statistics, licenses, and access ensures that you know who has access to what within your company. This knowledge lays the foundation for the recommendations of the GDPR around data encryption and general protection.

Comprehensive discovery and IT asset management can help achieve GDPR compliance for certain types of data: you cannot protect what you can’t see! I would love to hear how your organization is approaching GDPR through the lens of discovery and ITAM, so please comment in the section below! And if you have any questions on how to get started with or augment your organization's discovery or ITAM efforts for GDPR, feel free to contact a Micro Focus software expert today, because May 2018 will be here before we know it!

