Oct 12, 2017

How Software Asset Management Supports GDPR Compliance

As most people must be aware by now, the European Union passed new data protection regulations known as the “General Data Protection Regulation” (GDPR) on 14 April 2016. Companies have until 25 May 2018 to become compliant. Non-compliance will bring heavy fines and penalties.

What is the GDPR?

Described as the “most important change in data privacy in 20 years”, the GDPR will:

  • Replace the previous Data Protection Directive, which was created to regulate control of Personally Identifiable Information (PII)
  • Harmonize data protection laws across 27 EU member states
  • Provide clearer rules for data transfer across borders
  • Provide better control over individuals’ data

What will change with GDPR?

Key changes will include:

  • A single set of rules and a single data protection authority
  • EU Regulation will apply across borders
  • Greater compliance requirements
  • Data protection officer (may be made compulsory)
  • Increased responsibility around security breach notification
  • Heavy non-compliance sanctions
  • Privacy by design and privacy by default
  • Right to be forgotten and data portability
  • Regulations in place now – full start will be 25th May 2018

GDPR fines for non-compliance may be substantial

It is a worrying fact that there are likely to be high-profile fines imposed as a result of companies failing to comply with the General Data Protection Regulation. These penalties can be up to 4% of the annual revenue of the company.

Not only would this potentially be a staggering cost for the company, but such fines could also cause catastrophic reputation damage. Can you imagine the backlash for a multinational company being fined for failing to meet EU GDPR and EU law? How might stakeholders and shareholders react?

Software Asset Management supports GDPR compliance

There are close links between asset management, governance and data privacy, and companies are taking GDPR very seriously.

Aspera has found that the use of its Software Asset Management (SAM) data provides customers with a solid foundation for the GDPR compliance process. By using the combination of a reliable discovery tool feeding into a SAM tool like Aspera SmartTrack, Asset Managers can get a “head start” for GDPR compliance.

In order to reach compliance, it’s important to have a SAM solution that identifies the hardware and software that are in use on the network. Once you know what software you have in your environment, you can:

  • Ask each data owner to check if any personal data is held
  • If so, is it needed for business purposes?
  • If the answer is no, it can be deleted
  • If the answer is yes, you then need to ask:
    • Is access limited to those who need to see it? Action may be necessary to restrict access
    • What security measures are in place to protect the data? Encryption may be necessary

As you can see, Software Asset Management helps you determine the foundation of your GDPR process and provides an easy means of dealing with those difficult first steps.

Next steps – How SAM can help

Aspera has been working with customers wishing to move quickly and seek compliance in advance of the 25th May deadline. In fact, Aspera’s hosting service already complies with the new standards.

I’ve personally seen an increase in companies asking for help to get the baseline information which we can generate through our SmartCollect discovery and SAM solution platforms. Effectively, we can shortcut some of the first steps that are currently a struggle for companies.
