Is your IT Support Desk General Data Protection Regulation (GDPR) ready?



Scroll Down
27-Mar-2018 14:30:00

In my last piece, I talked about Problem Management and how it is often confused with Major Incident management. In fact, while the two are linked, they are very different beasts. However strong your Problem Management, you must be ready for business critical incidents.

 By now, your organisation will already be in full swing with database cleaning, updating data handling policies and have a data officer leading the charge. But have you missed anything? IT Support Desk teams have greater access to data handling systems than the average staff member and therefore need more guidance than some departments.

Why your support desk needs to be prepared

IT Support naturally wants to keep an audit trail for monitoring, performance reporting and training purposes, however, it is very easy for personal data to find its way into tickets that needn’t be kept for long at all. For example:

  • A remote worker asks for a hardware device to be deployed to their home address
  • A work phone fails -the user supplies their personal number so you can reach them
  • An HR system has an issue, a user sends you a screenshot including employee data

In each of these cases, the data does not need to be held as part of the audit trail but can easily end up sat in your ticketing system unnoticed unless you have planned in advance on how to manage them.

Mitigating the risks

Training, training and more training: It goes without saying that training your IT Support Team is imperative, but so is training the users themselves. The easiest way to mitigate risk is to avoid collecting unnecessary personal data in the first place and if both analyst and user are conscious of the fact, then compliance becomes less burdensome on your team. Your organisation should also have a plan in place on how to provide a data subject with their records should they ask for it.

Carefully manage system access rights: Conduct an assessment to decide who really needs access to which systems. This applies company-wide, not just to your team and your Data Officer and IT Security resource should be working with you to determine access rights. Fewer people having access to personal data will inevitably lower GDPR breach risks.

Ditch the dead data: Do not hold records longer than necessary. In most cases, a ticket should not be needed after 30-45 days in order to carry out your audits and reporting. Run your support desk metric reports regularly enough that you don’t have to hold on to tickets for any longer than necessary.

Automate GDPR audits: Take as much of the legwork out of your auditing process as possible by running scripts that will help you flag potential personal data items. However, be careful with non-textual items such as voice calls and images (screenshots). These will require a more manual approach, so do plan how to limit collecting this kind of data and lighten the auditing load.

Some environments will be more prone to picking up personal data than others. Therefore, it is crucial that all IT Support Desk analysts and their customers understand their duties, rights and the processes that are in place in order to engage with GDPR standards. I hope that these tips will help you put the finishing touches on your compliance practices.

New call-to-action

Download our FREE
End User Support e-book

If you share any level of responsibility for delivering high quality It to your organisation, our FREE e-book ‘Happy Users, Easy Life’ is for you.

New call-to-action

Leave a Comment

Pete Canavan
Pete recommends our FREE webinar consultation

About the author

Pete Canavan

Pete Canavan is Support Services Director at Plan-Net. An accredited ITIL Service Manager, he has a proven track record in IT with special expertise in the Legal & Financial Services industries.

With two decades in the IT field, Pete has acquired extensive experience in business relationship development, service transformation, project and people management, training and client/supplier relations.

Pete's other passions, besides Plan-Net of course, are his family and football.

Email Pete:

Connect with Pete Canavan on LinkedIn

Talk to us today about Business Advantage IT

If you’d be interested in discovering how Plan-Net could help give your organisation Business Advantage IT, get in touch.

Did you find this article useful?
Sign up to receive more from Plan-Net