The new European General Data Protection Regulation (or EU GDPR for short) will come into force in a month’s time. Businesses are working flat out to meet all the requirements of the new regulation. But it’s not just about processing customer data. The topic of mobile devices also plays a role. Here’s an overview of what you should bear in mind when securing and managing your employees’ devices.
The impact of the GDPR on mobile devices
One of the core elements of the GDPR is “data protection by design”. The protection of data must be assured over the whole data life cycle and must be proactively embedded early on in the development and operation of IT systems, network technology and business practices. This therefore also applies to mobile devices, regardless of whether they are provided by the company, or whether employees use their own private devices for work (known as “bring your own device”, or BYOD). Employees connect to networks and access company data such as documents, and therefore data that are governed by the GDPR. These data need to be protected, as the GDPR also stipulates that the best possible technical measures should be deployed for data protection. If this is not the case, companies will have to justify themselves to the authorities in the event of problems with data protection.
Security
To comply, companies need software that can protect data and mobile devices from external attacks. It must be able to quickly identify potential risks, as well as implement policies aimed at eliminating risks to mobile devices. Another crucial factor is the ability to grant access to specific data depending on their level of risk. It is important to ensure that the transfer of data from the EU to other countries is secured. Furthermore, any data breaches or accidents during data processing must be reported to the supervisory authorities within 72 hours. There is security software that can perform this task.
Lookout enhances transparency over mobile threats and risks
Lookout, the expert for Mobile Endpoint Security, provides comprehensive risk management across iOS and Android devices to secure against app, device, and network-based threats while providing visibility and control over data leakage.
Enterprise Mobility Management – The core of GDPR compliance
One of the core elements that can aid compliance with the GDPR is an enterprise mobility management system, or EMM for short. This enables mobile devices to be managed from a central point, allowing devices to be set up, updates to be deployed centrally as well as rights to be revoked. An important function is also the strict separation of personal data from business data. This means that business data are stored separately on a device and can even be removed remotely by the IT department when necessary. This also ensures that no access to employees’ private data is possible.
An EMM also provides a transparent overview of all unauthorized access attempts. It shows which devices and apps can access underlying services. The so-called audit trail indicates breaches of data protection, providing evidence of activities that have led to threats to data and of measures undertaken by IT. It also reinforces security measures. Security configuration and policies can be defined and also enforced in problematic cases. Measures can be initiated to counteract any attacks on the operating system.
Leading stand-alone EMM provider
MobileIron can help you meet GDPR requirements across your mobile deployments.
Summary
The GDPR will change the way people work with mobile devices. If you have any questions about how you can make mobile devices in your company GDPR-compliant, please feel free to contact us.