
GDPR for IT Service Management


GDPR for IT Service Management – Cherwell Blog Article

“We use our Cherwell – ITSM tool for running our support function, how does GDPR affect me?”

“We only use our ITSM tool for tracking customer support calls, it doesn’t come under GDPR does it?”

The answer depends on how you define Personal Data and what you have in your Cherwell ITSM tool.

What is Personal Data? (under GDPR)

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

What Personal Data do you have in Cherwell?

Every business is different and the data stored in Cherwell is also therefore going to be different, but let’s look at the likely candidates.

General Information

  • Name – perhaps even full name
  • Address – might be office address, could even be home address
  • Telephone number – work number, and quite possibly mobile number
  • Department
  • Email address – work email, maybe personal email
  • Work location, may be different to address above
  • Job Title
  • Position in company, i.e. might be a VIP for example


Sensitive Information

  • Date of Birth
  • Mother’s maiden name
  • Answers to security questions – revealing name of first pet, first child’s name etc.
  • Passwords – which ‘might’ be the same for other systems (i.e. their email)
  • Employee Number
  • Any other unique identifier


Business Specific Information (examples only – there could be many of these)

  • Bank Details
  • Working Hours
  • Utility meter locations
  • Where to leave parcels
  • System access details
  • Service offerings
  • Prices paid for specific services
  • Usernames

“Ouch, we have at least some of those types of information (data types). Does that mean GDPR applies to us?”

YES, it does.


It also doesn’t matter whether the information relates to external clients/customers or internal employees. It is all still Personal Data.

That’s Data, is there anything else we need to think about, and can ThebesGDPRAuditing help?

Once you know that you are holding Personal Data you need to start doing something about it.

ThebesGDPRAuditing are able to provide help and guidance around all areas of Cherwell and GDPR, and along with our partners can provide businesses with a complete end to end service ensuring that your systems, processes, and procedures are ready for GDPR.

“But what sort of things should I be looking at?”

  • Somewhere to record all your GDPR activities for accountability
  • Somewhere to log and track requests from data subjects
  • A workflow tool to enable breach reporting in 72 hours
  • A data subject portal so data subjects can see their data, make requests and manage consent
  • A DPO Dashboard so you can see how your organisation is coping with GDPR
  • An Executive Dashboard to keep your main stakeholders up to date
  • Somewhere to record and track all the remediation tasks
  • Somewhere to build a data retention schedule with automatic reminders for removal 

“It would be great if I could find a tool that does all of that, but which one?”

Cherwell is the only mainstream ITSM tool that has a comprehensive GDPR module, which provides all the functionality above and more.

ThebesGDPRAuditing have created a Cherwell GDPR Management platform that sits right beside your existing Cherwell implementation and integrates seamlessly, meaning you don’t have to buy a new tool or learn a new way of working.

The ThebesGDPRAuditing GDPR Management platform natively provides a solution for helping you reach compliance with your Cherwell instance, but it also works with the rest of your business.

  1. Why run multiple tools when you can use Cherwell?
  2. What other tools will integrate so well?
  3. What better tool to use than one that is specifically designed for requests, incident tracking, workflow management and building portals, with audit trails to provide that all-important accountability?

“So, what’s the worst that can happen on the 25th May 2018?”

ThebesGDPRAuditing can help with every aspect of GDPR

See what the GDPR Management platform can provide to help you make GDPR business as usual.

We can also help with many of the other aspects of GDPR and integrate it all into your Cherwell instance: –

  • Track what data you are holding
  • Document where it’s coming from and going to
  • Determine who has access to that data and where from
  • Create a security model and define a strategy for your Cherwell instance which: –
    • Secures access to the data for only those who need it
    • Prevents your data being stored outside of the EEA zone
    • Redefines contracts for your ITSM providers and hosting partners
    • Restricts access to your data by role, geography, data type etc.
    • Enables data portability
    • Facilitates the right to be forgotten
  • Integrate the GDPR portal with your current one to provide a secure mechanism for all data subjects to maintain data accuracy
  • GDPR audit trails to demonstrate accountability
  • Integrate other systems with the platform to automatically delete selected data at the end of its life – according to the data retention policy

These are just some of the activities you might want solutions for.

“Can my ThebesGDPRAuditing GDPR Management platform tool help the rest of my business with GDPR?”

In short YES.

GDPR is likely to touch your business in all kinds of ways; your data in Cherwell is one piece of the jigsaw.

But you can talk to ThebesGDPRAuditing and our partners about how we can help you use your ITSM solution to help the rest of your business comply with GDPR.


“So, I really need to sort out my ITSM platform before the 25th May?”

In short YES.

Partnership with GDPRAuditing


Thebes Group are pleased to announce a partnership with GDPRAuditing to collaborate on a GDPR Solution for Cherwell.

The collaboration is well under way and we are going to be demonstrating the product offering at the Cherwell EMEA Conference 2018, taking place in Reading on the 17th and 18th April. The product will be available through the Cherwell MAPP Store, and will leverage the power of Cherwell to help you comply with the GDPR.

Our application provides a compliance toolkit enabling you to track and service all GDPR requests from data subjects. It includes a portal where data subjects can keep their data up to date and accurate, manage all consents required for your business, and extract their own data for access requests and portability.

Additionally, the compliance dashboards (for your DPO and C-level) provide reports on all data subject activity, manage and track security awareness, log and track data incidents, and include a streamlined mechanism for reporting breaches.

The application facilitates the easy creation, updating, and publishing of privacy notices, along with the creation and tracking of GDPR remediation tasks. The application provides an electronic data retention schedule and a corresponding data asset inventory. All activities are fully logged and tracked for accountability. SLAs are tracked for time-bound events such as one month for a subject request and 72 hours for reporting a data breach to the ICO.

The product also includes a comprehensive knowledge base covering the GDPR in general and application usage, as well as common template documents you can download and use.

Future releases will have complete DPIA workflow, DPO scheduled task list, and data integrations with common and bespoke data sources within your business.

The application has been designed and developed by Thebes and GDPR Auditing to provide a product that is fully aligned with the GDPR and helps you fulfil the responsibilities the GDPR imposes on your organisation.

The Aleto Foundation appoints a new CEO and welcomes two new trustees




 Marking a new chapter in the future of the Aleto Foundation, the charity has announced a new appointment at the top of its organisation and welcomes its new CEO – David Villa-Clarke BEM.

Coming from a background in the Financial Services Industry, David has held Senior Management roles in the field of Private Client Investment Management, Mergers and Acquisitions and Business Development. David has extensive experience of working in the charity sector, having run his own international charity for 11 years. This achievement was recognised in the Queen’s New Year’s Honours List 2017, where he was awarded the British Empire Medal (BEM) for his commitment to charitable service, mentoring and sports coaching.

David Villa-Clarke takes over the position from Veronica Martin, who will continue as Director of Membership and Fundraising. Mr Villa-Clarke started his position formally on 1 January 2018.

The charity is renowned for its work with the younger generation, many of whom are from humble backgrounds and have overcome adversity. With a focus on leadership development, mentoring and networking, the Aleto Foundation works with many promising individuals to help them reach their full potential in terms of carving out successful careers.

“I am thoroughly excited about taking up my new role as CEO of the Aleto Foundation,” says David Villa-Clarke. “I bring with me a wealth of experience which I fully intend to harness and put to good use. As well as 25 years of working in the Financial Services sector, I have been a board member of National Mentoring Day and worked within schools. I hope to inspire a new generation of leaders.”

Veronica Martin, who joined the Aleto Foundation in 2010, comments: “It has been an honour to watch the next generation progress on their journey to becoming leaders in business and industry and it has been a privilege to be CEO of The Aleto Foundation for the past seven years. The appointment of David Villa-Clarke will take the charity to a new level of success.”

Sir Ken Olisa OBE, chair of the Aleto Foundation trustees, says: “It’s Veronica’s vision and enthusiasm that has pioneered the charity’s leadership programme, mentoring and alumni network to make sure young people get the support they need. We were looking for someone who would be as impressive, committed and hard working as Veronica Martin; we believe that in David we have found that person and are truly excited for the future of Aleto Foundation.”

Veronica describes David as a “brilliant leader” and adds that she “is looking forward to working with him to move the Foundation forward”.

David says: “The role of CEO presents an exciting opportunity for me to use my leadership skills to take the organisation forward by rolling out national leadership programmes. I look forward to working with Veronica and the Trustees to inspire the next generation of leaders.”

Aleto Foundation also recently appointed Daniel Taylor and Michael Hall to the Board of Trustees. They join the current Trustees: Sir Ken Olisa OBE (Chair), Adrian Joseph, Gary Elden OBE, Dr Yvonne Thompson CBE, and Janet Thomas.

About Aleto Foundation:

The Aleto Foundation, founded in 2010 under the name Powerlist Foundation, is devoted to aiding the development of a new generation of leaders. The Aleto Alumni Network comprises over 300 young people whose humbler origins endow them with the understanding and empathy needed to be in the vanguard of the guidance of our great nation.

The charitable purposes of the Foundation are to promote the development of young people up to the age of 25 in achieving their full potential by providing support and activities which develop their skills, capacities and capabilities and enable them to participate in and contribute to society as mature and responsible individuals.

For more information visit

Contact: The Media Relations Team









The Smith & Williamson Power 100


“Most awards focus on the high profile entrepreneurs, rather than those who enable them. Some, of course, do both. Ken is one of these – he works tirelessly to help entrepreneurs grow great businesses, whilst inspiring them by being one himself.”  – GUY RIGBY, HEAD OF ENTREPRENEURIAL SERVICES AT SMITH & WILLIAMSON

We are sure you will join us in congratulating our Chairman Ken Olisa, OBE for being listed in the Top 25 of Smith & Williamson’s Power 100! The Smith & Williamson Power 100 shines a spotlight on some of the people who are entrepreneurs or who most impact the lives of entrepreneurs. From start-ups to scale-ups, it includes those who help shape policy and those who champion, mentor, support and promote entrepreneurs and entrepreneurship in the UK. You can read the entire list here.