Introduced in January 2012, the EU GDPR (General Data Protection Regulation) will be enforced from 25th May 2018. It has been developed to provide a cohesive data privacy law for companies and to increase data protection for citizens who reside in Europe. Although the EU developed this law, it has ramifications across the globe.
The law automatically applies to every company, large or small, plus all government agencies and non-profit organisations, with a few exceptions where there are fewer than 250 employees. It also applies to organisations anywhere in the world if they collect, store and/or process the personal data of EU citizens by any means, with any type of device. Non-EU businesses processing the data of EU citizens will have to appoint a representative in the EU to become GDPR compliant.
Organisations must have a plan in place to protect not only the mobile devices themselves, but also the applications and the data stored on these devices. There is specific emphasis on customer personal information stored on mobile devices as they are deemed to be more susceptible to data theft, physical theft and loss.
GDPR-regulated data on mobile devices
Each one of the following will contain some kind of GDPR-regulated personal data (e.g., contact information, email addresses) or access to systems that may store personal data.
- Work Calendar
- Corporate Email
- Corporate Contacts
- Enterprise Applications
- Corporate Networks
- Corporate Messaging
- MFA/Stored Credentials
- Administrative Tools
How to be GDPR compliant on mobile devices
Organisations facing GDPR compliance requirements need to explore mobile threat defence solutions. These solutions include protection for mobile apps and provide the visibility and policy controls that organisations need to protect their GDPR-regulated data.
There are many Mobile Device Management (MDM) solutions that can help organisations become GDPR compliant, including MaaS360 and SOTI for smaller fleets of mobiles.
If you would like further information on MaaS360, SOTI or general MDM advice, please do not hesitate to contact Horizone.
FAQs for business
Which businesses does GDPR apply to?
- All companies with a presence in the EU.
- All companies not based in the EU, but processing the personal data of EU residents.
- All companies that employ over 250 staff.
- Companies with fewer than 250 employees where their processing of personal data is not occasional, includes certain types of personal information, or impacts the rights and freedoms of the subjects.
- The law also applies anywhere in the world if businesses collect, store or process the personal data of EU citizens by any means, using any type of device.
- Non-EU businesses that are processing the data of EU citizens must appoint a representative in the EU in order to become GDPR compliant.
When must affected businesses become compliant?
By May 25, 2018!
What types of personal data does GDPR cover?
- Personal name, address, ID numbers and other basic identity information
- Web information such as IP addresses, cookie data and RFID tags
- Personal Health and Genetic data
- Personal Biometric data
- Racial or ethnic data
- Individual Political opinions
- Information regarding sexual orientation