Is your IT Support Desk General Data Protection Regulation (GDPR) ready?

Your GDPR compliance processes should be well underway by now, but have you missed anything? In this article, we'll look at a few of the overlooked ways personal data finds its way into your IT Support Desk systems, and how to avoid them.

27-Mar-2018 14:30:00 | Pete Canavan | End user support services

 

By now, your organisation will already be in full swing with cleaning databases and updating data handling policies, and will have a data officer leading the charge. But have you missed anything? IT Support Desk teams have greater access to data handling systems than the average staff member and therefore need more guidance than some departments.

Why your support desk needs to be prepared

IT Support naturally wants to keep an audit trail for monitoring, performance reporting and training purposes. However, it is very easy for personal data that needn't be kept for long at all to find its way into tickets. For example:

  • A remote worker asks for a hardware device to be deployed to their home address
  • A work phone fails and the user supplies their personal number so you can reach them
  • An HR system has an issue and a user sends you a screenshot that includes employee data

In each of these cases, the data does not need to be held as part of the audit trail, but it can easily end up sitting in your ticketing system unnoticed unless you have planned in advance how to manage it.

Mitigating the risks

Training, training and more training: It goes without saying that training your IT Support Team is imperative, but so is training the users themselves. The easiest way to mitigate risk is to avoid collecting unnecessary personal data in the first place, and if both analyst and user are conscious of this, compliance becomes less burdensome on your team. Your organisation should also have a plan in place for providing data subjects with their records should they ask for them.

Carefully manage system access rights: Conduct an assessment to decide who really needs access to which systems. This applies company-wide, not just to your team, and your Data Officer and IT Security resource should be working with you to determine access rights. Fewer people having access to personal data will inevitably lower GDPR breach risks.

Ditch the dead data: Do not hold records longer than necessary. In most cases, a ticket should not be needed after 30-45 days in order to carry out your audits and reporting. Run your support desk metric reports regularly enough that you don’t have to hold on to tickets for any longer than necessary.

Automate GDPR audits: Take as much of the legwork out of your auditing process as possible by running scripts that will help you flag potential personal data items. However, be careful with non-textual items such as voice calls and images (screenshots). These will require a more manual approach, so do plan how to limit collecting this kind of data and lighten the auditing load.
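As an added illustration (not a Plan-Net script), the sketch below shows what such an audit script could look like for the three cases listed earlier, combined with the retention window from the previous tip. The ticket fields, the UK-style patterns and the 45-day cut-off are assumptions, and the sample tickets are constructed.

```python
import re
from datetime import date

# Assumed patterns: UK mobile number, UK postcode as a proxy for a postal address.
PATTERNS = {
    "phone": re.compile(r"(?<!\d)(?:\+44\s?7|07)\d{3}\s?\d{6}(?!\d)"),
    "postcode": re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s?\d[A-Z]{2}\b", re.I),
}
# Text patterns cannot see inside these files; route them to a person instead.
MANUAL_REVIEW_TYPES = (".png", ".jpg", ".jpeg", ".gif", ".wav", ".mp3")
RETENTION_DAYS = 45  # upper end of the 30-45 day window given in the article

def audit_ticket(ticket, today):
    """Return the list of flags raised for one ticket."""
    flags = [name for name, rx in PATTERNS.items() if rx.search(ticket["body"])]
    if any(f.lower().endswith(MANUAL_REVIEW_TYPES) for f in ticket["attachments"]):
        flags.append("manual-review")
    closed = ticket["closed"]
    if closed is not None and (today - closed).days > RETENTION_DAYS:
        flags.append("past-retention")
    return flags

def audit_queue(tickets, today):
    """Map ticket id -> flags, keeping only tickets that need attention."""
    report = {t["id"]: audit_ticket(t, today) for t in tickets}
    return {tid: flags for tid, flags in report.items() if flags}

# Constructed sample tickets; the field names are hypothetical, not a real ticketing API.
SAMPLE_TICKETS = [
    {"id": "T-1001", "closed": date(2018, 3, 20), "attachments": [],
     "body": "Please ship the docking station to 12 Example Road, London SW1A 1AA"},
    {"id": "T-1002", "closed": None, "attachments": [],
     "body": "Work phone is dead, call me on 07700 900123"},
    {"id": "T-1003", "closed": date(2018, 1, 5), "attachments": ["hr-error.png"],
     "body": "HR portal throws an error, see screenshot"},
    {"id": "T-1004", "closed": date(2018, 3, 1), "attachments": ["outlook.log"],
     "body": "Outlook crashes on launch"},
]

if __name__ == "__main__":
    for tid, flags in audit_queue(SAMPLE_TICKETS, date(2018, 3, 27)).items():
        print(tid, ", ".join(flags))
```

A flag here means "a person should look at this ticket", not "this is personal data"; patterns like these produce both false positives and misses, so tune them against your own tickets.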

Some environments will be more prone to picking up personal data than others. Therefore, it is crucial that all IT Support Desk analysts and their customers understand their duties, rights and the processes that are in place in order to engage with GDPR standards. I hope that these tips will help you put the finishing touches on your compliance practices.

Pete Canavan

About the author

Pete Canavan

Pete Canavan is Support Services Director at Plan-Net. An accredited ITIL Service Manager, he has a proven track record in IT with special expertise in the Legal & Financial Services industries.

With two decades in the IT field, Pete has acquired extensive experience in business relationship development, service transformation, project and people management, training and client/supplier relations.

Pete's other passions, besides Plan-Net of course, are his family and football.

Email Pete: p.canavan@plan-net.co.uk

Connect with Pete Canavan on LinkedIn
