GDPR could lead to ‘hefty fines’ for service desks

Service desks unaware of the implications of the European General Data Protection Regulation (GDPR) which comes into effect in May next year could be levied significant fines according to IT analyst Gartner.

Gartner says that lack of awareness of GDPR means that as many as 50% of organisations could still be in breach by the end next year - six months after the regulations are introduced.

GDPR affects all customer data - including that held by service desks

GDPR affects all customer data - including that held by service desks

The problem is that many people assume that GDPR relates only to marketing and unsolicited messages.  However, the regulations are far more sweeping than this, relating to any data about an individual held by an organisation.  For service desks, this means that email addresses, phone numbers - even IP addresses - must be protected and accounted for at all times.

"Threats of hefty fines, as well as the increasingly empowered position of individual data subjects tilt the business case for compliance and should cause decision makers to re-evaluate measures to safely process personal data," says Bart Willemsen, research director at Gartner.

All business professionals involved with customer data - and that certainly includes anyone working within a service desk capacity - should check their role and level of responsibility specific to GDPR according to Gartner.  It also suggests that a data protection officer is assigned and accountability is shown in all handling of data. 

This could have huge implications for service desks which deal with large databases.  Our advice is to check where your customer data is stored and investigate the rules specific to your business function.  If in doubt, seek legal advice.  The price for failing to comply is simply too high to leave to chance.