While understanding of GDPR has improved, the specifics of how it will impact functions such as the service desk are not as clear.
The new EU General Data Protection Regulation (GDPR) came into force in May 2018, and if your organisation is not already well prepared then you need to take urgent action right now. This regulation aims to give European Union (EU) residents rights over what, how, why, where, and when their personal data is used.
GDPR affects every part of the business, including your marketing department, sales, legal, HR – anybody who controls or processes personal data, or sets the rules for how this should be done.
In this blog we discuss how GDPR might impact your IT service desk.
What personal data does the service desk use?
The first thing you need to do is to think about what personal data your service desk uses. Examples of personal data that a service desk might use include:
- Names, private addresses, and personal phone numbers of employees or external customers
- Information about staff, including current roles and employment histories
- Incident records, which may include a wide range of personal information supplied by the people who describe incidents
How does the service desk use this data?
- What personal data do you store on the service desk?
- How do you process this data, and what do you use it for?
- Who can access the data you hold, and have they been trained to understand their obligations under GDPR?
- How do you maintain the data? What checks do you have to ensure it is accurate? How long do you keep it for?
How will your service desk respond to requests from data subjects?
GDPR gives data subjects a number of rights. For example, they can demand a transportable copy of any data that you hold about them. What will your service desk agents do when someone calls them and asks to exercise one of these rights? Do you have procedures in place, or does the service desk know where to send the request?
You need to think about how you are going to respond to these requests, and put in place the right procedures and training to ensure that your service desk does the right thing when necessary.
Once you have thought about and analysed all the ways in which your service desk collects and stores data, measures must be put in place to ensure that it is kept up to date and that your customers only receive content that is relevant to them and that they have opted in to.