GDPR: When people have the Right to be Forgotten

Tags: GDPR, IT Service Management

The Right to be Forgotten included in GDPR will force IT Service Managers to rethink their data retention policies. The times of intensive logging of activities in ITSM tools might be over. Complying with the legal requirement to erase or anonymize personal data on request of an individual is in reality extremely challenging – both technically and commercially.

I have seen many requests for proposals in recent years that may be in direct conflict of the upcoming GDPR, depending how the legislators interpret the Right to be Forgotten. Examples include:

  • The ITSM tool shall provide a history view of any changes done to a data record
  • The ITSM tool shall log all changes to records in a protected log file
  • The ITSM tool shall log who has been reading which record at what time


When you actively use the above-mentioned features, you create a massive number of logs. And yes, Big Data is a hyped buzz word in recent years. But if you don’t do much else with that pile of data than storing it “just in case”, then you might want to reconsider your data retention policy. Will you really need all that personal data in daily operations?

According to the GDPR, any individual that has used your ITSM solution may request that her personal data (including such a trivial thing as her name) is erased. In reality, such a request is likely to occur when your business relationship with the individual ends (such as end of employment). The individual may remove the consent to use her personal data or – even worse – may request that all personal information is removed. How will your organization react to such a request? How will you forget about somebody you used to know so thoroughly?

We at Efecte believe there are three simple – well, simplicity can always be argued a bit – steps to comply with GDPR’s Right to be Forgotten. Please refer to our newest Guide for IT Service Managers (Three steps to comply with GDPR Right to be Forgotten) to learn how. And if you have other questions on how to update data retention policies in your IT Service Management solution, do not hesitate to contact us. We are here to help.

Download a GDPR Guide for IT Service Managers

Peter Schneider
VP Products

Peter Schneider

Written by Peter Schneider

I am Chief Product Officer @Efecte. Responsible for product management, product marketing and product strategy.