As a result of GDPR compliance, businesses must put mobile devices on even footing with desktops. This is true as we race towards 25th May 2018. This is when the General Data Privacy Regulation (GDPR) takes effect.
What is GDPR?
GDPR is a set of rules created by the European Parliament, together with the European Council and European Commission. It governs how every organisation must protect and manage data pertaining to individuals. The new regulation will come into effect on May 25, 2018. Non-compliance may lead to stiff penalties.
GDPR applies to any organisation that;
- does business in the EU,
- sends employees to the EU,
- has customers in the EU,
- engages with partners in the EU,
- or even handles data associated with individuals who either travel to or are in the EU.
This means that the personal data on employees’ devices require regulation and security. This is irrespective of the ownership of the device. Another key point is Brexit has no effect on GDPR.
GDPR compliance on mobile
Compliance is not only limited to traditional internal IT systems. Instead, the growing use of mobile devices can put any compliance efforts at risk. This can happen through risky behaviours and malicious attacks. Coupled with unauthorised apps, this can send data to other countries.
In reality, employees have access to a wide-ranging spectrum of data types via their mobile device. These include but are not limited to;
- Work Calendar.
- Corporate Email and attachments.
- Corporate Contacts.
- Enterprise Applications.
- Corporate Networks.
- Corporate Messaging.
- Stored and Saved documents.
- Admin Tools.
- CRM systems.
- Banking Applications.
Each one of these carries with it some kind of GDPR-regulated personal data (e.g., contact information, email addresses).
Who is responsible?
It is no longer limited to the business owner to ensure the compliance of Data protection and GDPR. As a result of GDPR, everyone at every level of the business must become involved. Mobile devices are workplace tools. Keeping your company in compliance is a must. In summary, the need to protect users, their devices and your company data is a requirement.