ServiceNow handling GDPR

danpatino · ‎05-04-2017

Does anyone have any information on how the ServiceNow platform will handle GDPR (General Data Protection Regulation). I realize there is a K17 lab on the topic but none of our contacts at ServiceNow seem to be familiar with the regulation at all. It's a pretty big deal for our company as I would image it is for any organization operating in EMEA.

danpatino · ‎06-07-2017

Just as an update, I attended the lab and it was focused on how to track your GDPR compliance through their GRC module.

While it was a great lab, I was most concerned with how to comply with the Right to Erasure within the ServiceNow platform. Simply altering a user record does not affect email logs, transaction logs (including IP addresses) or mentions within text fields.

Does anyone else see this being a problem? A few others have marked this thread with "I have the same question" but maybe if we get a dialogue going we can have some clear instructions on how to comply.

Albert Franques · ‎03-14-2018

Hey Dan, are you still looking for a solution to this? If so let me know and I will contact you.

thanks

hellehansen · ‎11-09-2017

Dear All,

I just learned, ServiceNow is ready for GDPR

Have a look here: short vidoe about SericeNow ready for GDPR

The General Data Protection Regulation (GDPR)- and Financial Services - YouTube

br Helle Hansen

Anne Mc · ‎12-13-2017

Unfortunately the video is about how their GRC module helps you monitor all your systems for GDPR compliance. There is no mention of how the ServiceNow platform can be made to be compliant. For a start, we need to know:

1. How do we find and remove ALL records for someone who asks to be forgotten?

2. How can we use pseudonymisation and encryption for data that we don't want to remove, e.g. where removing it will corrupt other data or leave orphaned records?

Has anyone found any information on this yet?

Regards,

Anne.