When you’re involved in IT&SAM in Europe you have probably heard of the new General Data Protection Regulation. In this post, I’d like to shine some light on how this new ruleset affects your job, and how you should adapt to it. When you’re in IT&SAM outside of the EC you will be affected (maybe) less. When you’re in an organization that’s acting global, and in the EC, you must navigate between various regulations that are valid in different parts of the world.
As SAM practitioners may involve internal staff, sometimes hired experts or employees of a SAM service provider, it’s of the highest priority to find out what role you have according the new GDPR. And at times there will be a combination of roles, between data processor and/or data controller.
First you need to know that the regulation started on May 18th of this year (2016) in Europe, and will be effective as of May 25th, 2018. In the meantime, organizations have time to adapt to the new regulation, train people, assign accountable and responsible. Last week I read that it was to be expected that between 26.00 and 74.000 new Data Protection Officers will need to be added in organizations, in the years to come.
As IT&Software Asset manager you’re using lots of data sources. Incorporated in some of these sources is personal information and other data that is subject to the new GDPR. And it doesn’t matter anymore if your part of the data controlling organization or a service provider, or any other function. If you’re handling GDPR affected data, you need to comply!