Mobile Devices and GDPR – How Will You Manage?


In today’s age of modern technology, it is incredibly rare to find someone in business who doesn’t have a mobile device. Most of those devices are linked to their business email, if not to their entire business systems. But with all of that easy and convenient access comes a pretty big security risk for your business. With GDPR coming into effect this month, a lot of businesses are reviewing where their data is and how it can be accessed. However, many are forgetting mobile devices when they make those lists. Today, we wanted to talk a little bit about how GDPR will impact your mobile device management, and what you need to do to be compliant.

 

What Is Mobile Device Management?

Firstly – what is mobile device management, or MDM for short? Quite simply, it’s how your IT department or consultant will control the securing, monitoring, integrating and managing of all smartphones, tablets and laptops. This doesn’t just cover company-owned devices either. It also covers employee devices used on company property, or with company data stored on them, under a BYOD policy, and it is especially important for any business with a mobile workforce. This is usually done either manually, or more commonly through the use of mobile device management software. Mobile device management policies don’t just improve the functionality of your network but add an extra layer of security and protection for any data on your corporate network.

 

What Does GDPR Mean For MDM?

Unsurprisingly, GDPR (which features 10 chapters and a total of 99 articles, plus 173 recitals) will have a significant impact on how businesses approach mobile device management in the future. Specifically, there are 4 key areas that businesses need to address in order to be ready for GDPR:

Information Audits: One of the biggest changes GDPR is bringing in is that businesses now need to know where all of their data is, along with a record of how and when an individual gives consent to store and use it. You will also need to be able to show where that data came from, and who that data has been shared with. This provides a particular challenge when it comes to mobile workers, such as sales reps, who may collect data on the road. We recommend carrying out an information audit before May 25th to provide you with a clear record of not only what your information is, but where it is, who has access to it and from which devices.

Visibility Of Device Utilisation: When managing mobile devices to be compliant with GDPR, you need to be able to see which devices and apps are accessing business services at all times, on all devices. This may include some employees’ personal devices, which in turn will need to be risk assessed. Gathering this information will then assist you in putting a protection protocol in place. This way, in the event of a data breach, the IT administrator can demonstrate through audit logging exactly which actions took place leading up to the breach, and what happened afterwards.

Device Security Threats: All too often, mobile devices are overlooked when security is concerned. But mobile devices pose a significant security risk if they have not been properly protected. In order to protect your business’s data (and your clients’ too), you need to ensure that the appropriate security configurations, encryption and protection policies have been applied to the device. You will also need to monitor the security compliance of the device and applications, including any attacks on the integrity of the operating system.

Keeping Personal And Business Data Separate: Of course, ensuring the security of business data is much easier when personal and business data are kept separate. Establishing clear boundaries between a user’s personal data and the business data on their work mobile device is another very important step to take. In an ideal world, the user should not be able to gain access to any personal apps or personal email accounts on a business device, and vice versa. This would help minimise risk and be an easy way to stay GDPR compliant. However, this isn’t always possible, and so instead businesses need to focus on minimising the overlap and establishing clear boundaries and policies for managing it.

While it may not have been a focus in the past, mobile device management is becoming an important factor for business owners for many reasons – not least for GDPR compliance. The solutions it provides not only play a critical part in all the areas above, but also help ensure the management, security and compliance of your confidential data is under control. So, you see, mobile device management is an essential component for any business. At ACT Systems, we can not only help you audit and analyse your current device management systems but create new solutions to fit your business needs and ensure compliance with GDPR at the same time. For more information, just get in touch with us today.