The new General Data Protection Regulation (GDPR) is fully applicable in Europe from 25th May 2018 and organisations will no doubt already be putting together plans to ensure they comply. If you’re not already aware, GDPR is replacing the UK Data Protection Act as the new legal framework for data protection in the EU. Organisations have access to personal data through a number of telecommunication channels and so complying with the new regulations may seem like a big task – and it is. However, a great number of communication solutions have the technology to help you comply with the GDPR principles – here we look specifically at Enterprise Mobility Management (EMM) and how you can deploy it for GDPR.
GDPR can be understood as 8 key principles:
- Lawful, fair and transparent processing: Organisations must have valid grounds for processing personal data and must provide that information to individuals.
- Purpose limitation: There must be a clear and explicit reason for processing personal data. Data may only be processed for the purpose for which it was collected.
- Consent: Individuals whose personal data is processed must generally provide consent.
- Data minimisation: Data processed should be limited to what is strictly needed for a specific purpose and access should only be granted to those who need it for that specific purpose.
- Accuracy: The data should be accurate and inaccuracies should be rectified as soon as possible.
- Storage limitation: The data should be retained for only as long as needed for the designated purpose.
- Integrity and confidentiality: Data should be processed in a manner that ensures appropriate security including protection against unauthorised processing and accidental loss.
- Accountability: The enterprise should be able to demonstrate compliance with and remediation for the above principles.
Enterprise Mobility Management and GDPR
Failing to comply with these key GDPR principles can result in fines of over 20 million euros or 4% of the company’s worldwide revenue. Our Enterprise Mobility Management solution has a number of features which help you comply with the above principles and avoid monetary penalties. With an EMM solution you have the capability to:
- Enforce data encryption on the device by monitoring encryption settings and providing secondary encryption settings for the device. This complies with principle 7 around integrity and confidentiality.
- Establish a clear boundary between personal and business data. This complies with principles 1, 2, 3 and 4.
- Enforce trusted access to business services and block unauthorised access. This also helps comply with principle 7.
- Use audit logs to determine what actions took place leading up to a data breach and what actions were taken. This complies with principle 8 about accountability and being able to demonstrate compliance.
- Enforce data loss prevention (DLP) controls, including remotely wiping confidential data. This complies with the storage limitation and integrity principles.
The GDPR will bring with it new ways of working but it needn’t be a daunting prospect. There are a number of telecoms solutions which have the features to help you comply with GDPR and EMM is just one. Aside from helping with GDPR compliance, EMM provides a simple way to manage and secure mobile devices and tablets across your organisation. To find out more about the features of EMM take a look at our webpage or if you’d like to speak to someone about any of our solutions, please contact us.