In April 2016, the EU passed the General Data Protection Regulation (GDPR), which will be implemented next year in all EU member states. The legislation gives people more control over how their personal data is used by companies and introduces stricter fines for non-compliance and breaches. In addition, we now expect to see companies being held publicly accountable for any misuse of customer data, making it even more important to show compliance.
All data protection rules will be identical throughout Europe, making it much more straightforward to manage. It will also enable companies to utilize data in a secure and lawful way, improving overall trust in the evolving digital economy.
In order to comply, organizations need to implement strong future-proofing policies, procedures and processes to protect themselves. They face not only the risk of heavy fines but also added risks of reputational damage and potential loss of consumer confidence.
So, what does this mean for businesses with thousands of devices to manage? Data protection doesn’t stop at the desktop – the law is just as applicable to mobile and IoT devices. Most organizations manage an array of corporate and personally owned devices across the world that are authorized to connect to the corporate network, making it difficult to manage them and prevent security breaches. It’s just as important to protect mobile and IoT devices, because corporate data can be accessed through them.
Alongside other business-critical systems, enterprises need to address:
A data assessment report: This requires organizations to locate any personal data that they are holding, and document how it is intended to be processed for regulatory inspections. Organizations should also examine whether they are lawfully processing data, and whether they will be permitted to continue doing so under the new regulations. International transfers will also need to be audited and documented so that the data can be transferred lawfully – otherwise they could be looking at a penalty of up to €20 million or four per cent of annual worldwide turnover – whichever is the greater. As part of the assessment, businesses should also update their data security breach plan to ensure the new rules can be met, as well as develop a framework to monitor processes and train staff accordingly.
Field-work: It’s imperative we extend GDPR protection measures to mobile and IoT devices, as well as to the business as a whole. Devices that are stolen or stray into the wrong location should be remotely wiped to ensure complete safeguarding.
Using encryption to prevent unauthorized access, and ensuring the device (and access to data) is always password protected, will minimize the risk of corporate data being compromised in the event of a security breach. Other features, such as an automated log-off after a certain period of time, can also protect against illicit access. A good example of this is McDonald’s; as part of its customer initiative, ‘Experience of the Future’, restaurants throughout the UK now have customer-facing Samsung Galaxy tablets used to play games, browse the internet and post on social media. SOTI’s mobility solution provides time-based wipes on the tablets, so after two minutes all data is completely wiped. This not only takes the maintenance and upkeep away from McDonald’s, but also prevents customers’ personal data being accessed.
Start with why: Technologies such as SOTI MobiControl can control every aspect of business mobility, securing and managing platforms such as Apple iOS, Google Android, and Microsoft Windows. SOTI MobiControl can help businesses manage devices within the GDPR compliance framework, including the ability to remotely wipe a device, and to secure and locate a lost or stolen device. Businesses must look at every endpoint in their organization to ensure they are compliant and build GDPR functionality into their mobile strategy. If devices cannot be made compliant, it’s time to take safety measures and invest in different products.
Preparing for GDPR may take some time but it will pay off to be thorough. Businesses must implement these methodologies now rather than waiting till the last minute. With roughly a year left, it’s critical for organizations to understand what they need to accomplish in the remaining time so they can aim for long-term prosperity and security.