The looming deadline for complying with the EU’s General Data Protection Regulation (GDPR) is shining the spotlight on a foundational InfoSec best practice: A comprehensive IT asset inventory.
The reason: GDPR places strict requirements on the way a business handles the personally identifiable information (PII) of EU residents. For example, companies must know what PII they hold on these individuals, where it’s kept, with whom they’re sharing it, how they’re protecting it, and for what purposes it’s being used.
An organization can’t expect to comply with GDPR if it lacks full visibility into the IT assets — hardware and software — that it’s using to process, transmit, analyze and store this data.
“If you don’t know what IT assets you’ve got, how can you effectively find the data on your network that you need to meet GDPR requirements?” said Darron Gibbard, Qualys’ Chief Technical Security Officer for the EMEA region, during a recent webcast.