A specific post will be reserved on this issue, going a little more into the practical aspects of what companies need to do concretely.
Among the practical actions to be taken to meet the requirements of the GDPR, the Asset Inventory (or inventory of technological assets) is important.
The inventory of technological assets serves to have a complete overview of all the elements that make up the system, including those in charge of security and information management. Some of the elements to be surveyed:
- Devices:Computers, servers, tablets, network devices but also IP cameras, door openers, presence detection systems, …
- Software:Software equipment of the devices on the network and detailed information about them.
- Archives: Databases, file shares
- Users:List of users who have the right to access devices and software in the company
The Asset Inventory is the intermediate step between the preparation of the treatment register and the information system. Through the Register of treatments, the managers of the company draw up a list of all the applications used for the treatment. The Register can be either in written or electronic format and represents a constantly updated census of the data processed, of the archives, of the categories of interested parties. To this is added the Asset Inventory, the inventory of all the technological assets present in the company.ò