The General Data Protection Regulations (GDPR) are coming into force on 25th May 2018, and with this the security, protection and management of mobile devices must be considered as one of the most important subjects for all companies and IT personnel.
With more high-profile device attacks appearing in the news, there is now far greater scrutiny surrounding the possibility of confidential data falling into the wrong hands, and Mobile Device Management (MDM) is a key area for review.
What is Mobile Device Management?
Mobile Device Management allows IT personnel to control the security, monitoring, integration and management of mobile devices such as laptops, smartphones and tablets in the workplace. This is a necessity for companies of all sizes who have a mobile workforce and are conscious about the security of their data.
What does GDPR mean for Mobile Device Management?
Under the GDPR articles, organisations must keep a record of how and when an individual gives consent to store and use their personal data. To begin with, the personal data you hold will need to be documented in terms of where it came from and who you share it with. An information audit is recommended for this purpose to provide a clear record of any unauthorised access to business services, as well as accountability.
Visibility of Device Utilisation
Gaining visibility of which devices and apps are accessing business services will assist in your compliance with GDPR. In the event of a data breach, the IT administrator or allocated data protection officer can demonstrate through audit logging exactly which actions took place leading up to the compromise and what, if any, actions IT or the data protection office took as a result.
Device Security Threats
Protecting your mobile devices from security threats is crucial. Appropriate security configurations and policies will need to be applied to the devices and applications. Ongoing monitoring of security compliance is also required, which includes monitoring for any attacks on the integrity of the operating system.
Separating Personal and Business Data
Establishing a clear boundary between the user’s personal data and the business data on their work mobile device is extremely important. Ideally, the mobile device controller should not be able to gain access to personal apps or personal email accounts on the device. This will help to minimise data as well as complying with the integrity and confidentiality principle of the GDPR.
Without a successful security strategy in place, your organisation could suffer the financial, regulatory and reputational consequences that follow a serious data-security breach, with penalties resulting in fines of up to 4% of an organisation’s global annual turnover or €20M, whichever is higher.
Mobile Device Management is important for helping organisations move towards GDPR compliance. The solutions it offers play a crucial part in combatting the challenges listed above and helping to ensure that the management, security and compliance of your confidential data are under control. This makes MDM an important component of your GDPR compliance program, as it can help by enabling you to secure, manage and protect mobility with ease.
Here at OPAL, we recommend Jamf as the de facto standard for Apple Management for macOS and iOS devices, and a combination of Office 365 and Microsoft Intune for Windows devices.
For more information on how we can help you plan, implement and achieve your required levels of GDPR compliance through Mobile Device Management, please get in contact with us at [email protected] or 0330 22 33 011.