EU General Data Protection Regulation

GDPR-compliant IT service management infrastructure

Helpdesk and ITSM platforms process data on behalf of your business — handling employee requests, customer tickets, and asset records. When that data includes personal information, your ITSM infrastructure is a GDPR data processor. We ensure yours is compliant.

What is the GDPR?

IT service management platforms sit at the heart of your internal operations. Every ticket submitted, every asset assigned, every employee request processed may contain personal data. GDPR applies to every system that processes data — not just the database where it rests. That includes your helpdesk and ITAM platform.

  • In force since: 25 May 2018
  • Scope: Any org processing EU personal data
  • Max fine: €20M or 4% of global turnover
  • Breach reporting: 72 hours

Key GDPR obligations for ITSM platforms

ITSM platforms are data processors — they handle employee and customer personal data as part of IT service delivery. These six articles govern what obligations that creates.

1. Art. 5 — Principles of processing

Personal data in helpdesk tickets must only be processed for the purposes for which it was submitted. Ticket data, asset assignments, and audit logs should be subject to retention limits. We support configurable data retention across all managed services.

2. Art. 6 — Lawful basis

Processing employee and customer data via ITSM requires a valid lawful basis — typically contract or legitimate interest. Your helpdesk and asset management system is a processing activity and should appear in your Record of Processing Activities (Art. 30).

3. Art. 17 — Right to erasure

If a data subject requests deletion, you must remove personal data from ticket history, asset records, and audit logs. We support configurable retention windows and data purge on request.

4. Art. 28 — Data Processor

We act as your data processor for any personal data processed through managed ITSM services. Our DPA covers Snipe-IT, Zammad, FreeScout, and GLPI — and the infrastructure sub-processors involved.

5. Art. 32 — Security of processing

ITSM platforms need the same security as any data processor. Our deployments use encrypted storage, isolated tenant environments, and access controls — protecting employee and customer data.

6. Art. 33 — Breach notification

If a breach affects personal data on our managed ITSM infrastructure, we notify you within 72 hours so you can meet your reporting obligation to your supervisory authority.

Art. 30 — ITSM as a documented processing activity

Under GDPR Art. 30, data controllers must maintain a Record of Processing Activities (RoPA). Your helpdesk and asset management system is likely one of those activities: it processes employee names, email addresses, device assignments, and service request details.

  • Document your ITSM platforms in your RoPA: what personal data is collected in tickets and asset records, for what purpose, and under which lawful basis
  • Data minimization: ticket forms should only request the fields needed to resolve the issue — avoid collecting unnecessary personal information in free-text fields
  • Retention limits: configure ticket archive and asset history retention so that personal data is purged from the system after your defined retention period and deleted from backups on schedule

What we provide for GDPR compliance

  • Data Processing Agreement (DPA) on request
  • EU data residency — Nuremberg (primary) + Falkenstein (DR)
  • Audit logs retained and exportable
  • Data export on request (Art. 20 portability)
  • Data deletion on request (Art. 17 erasure)
  • 72-hour breach notification to you (Art. 33)
  • Encrypted backups stored within the EU
  • Sub-processor list available on request

ITSM platform processing personal data?

Request our DPA for your managed ITSM infrastructure and discuss how to document your helpdesk and asset management in your Record of Processing Activities.