Most of us are well on your way to preparing for the enforcement of the General Data Protection Regulation (GDPR) next May. But, have you thought about the mobile devices, tablets and IoT that your team use? Do you know if the data you have saved on those devices is covered in your plans and / or protected against loss or theft? Can you access the devices and remove data? Can you be sure that you are not accidentally sharing data with third parties through apps?
We only have a few mobile devices, can it wait? Data protection doesn’t stop at the desktop – the law is just as applicable to mobile and IoT devices. It doesn’t matter if your company has one or a thousand devices all need to be compliant and secure. It is time to think seriously about allowing your employees to make calls, store contacts, access work emails and download work-related apps to their personal devices. The deeper you delve, no matter what your company size, you are likely to be managing an array of corporate and personally-owned devices that are authorized to connect to the corporate network, making it difficult to manage and prevent security breaches. It’s just as important to protect mobile and IoT devices, as centrally held corporate data can be accessed through them and they are increasingly becoming our preferred device.
Where to start? The first thing you need to get to grips with is the location of any personal business data you are holding. The best way to do this is to complete a data assessment report. Within the report you should document how data is intended to be processed for regulatory inspections. You should examine if you are lawfully processing data, and whether processes will be permitted to continue doing so under the new regulations. Penalties for failing to do this could reach of up to €20 million or four per cent of annual worldwide turnover – whichever is the greater. Finally, the assessment, should also outline your data security breach plan to ensure the new rules can be met, as well as develop a framework to monitor processes and train staff accordingly.
Report complete, making it a reality. GDPR protection measures must cover mobile and IoT devices. Devices that are stolen or stray into the wrong location, should be remotely wiped to ensure complete safeguarding. If you haven’t already, it really is time to consider if you are going to allow your employees to save data on personal devices.
Having a passcode is just the start. Using encryption to prevent unauthorized access and ensuring the device (and access to data) is always password protected will minimize the risk of corporate data being compromised, in the event of a security breach. But this is just the start, other features, such as an automated log-off after a certain period, can also protect against illicit access. Want to be safe? Being able to locate and lock-down the device means you are confident the data cannot be breached.
Thinking about the future, a lot to manage! That is where we excel. Subsidium Managed Solutions provides you with mobile devices that suit your business needs and are fully controlled (managed) using SOTI MobiControl.
The Power of SOTI and Subsidium. SOTI MobiControl can control every aspect of business mobility, securing and managing platforms such as Apple iOS, Google Android, and Microsoft Windows. SOTI MobiControl can help businesses manage devices within the GDPR compliancy framework, including the ability to remote wipe a device, and secure and locate a lost or stolen device.
The final message is clear and stark! If devices cannot be made compliant, it’s time to take safety measures and invest in different products. Preparing for GDPR may take some time and money but, it will pay off to be thorough. You must implement these methodologies now rather than waiting till the last minute. With less than a year left, it’s critical for you to understand what you need to accomplish in the remaining time so you aim for long-term security.
Subsidium is ready, we are waiting for you.