The European Union's General Data Protection Regulation (GDPR) is a comprehensive legal framework focused on data security and privacy. From an organizational standpoint, the GDPR lays down the ground rules for collecting personal data from European Union (EU) data subjects, securing that data through its entire life cycle, establishing and enforcing accountability for the processing of personal data, and setting up countermeasures in the event of a data breach.
From now on, all businesses that process the personal data of EU data subjects will have to abide by the GDPR, regardless of where their business operates. If a business is found to be non-compliant, it will face a penalty of up to €20 million or four percent of its global turnover (whichever is higher).
With a growing number of businesses across the globe embracing the use of mobile devices to improve employee productivity, enterprise mobility management (EMM) will play an integral part in helping organizations comply with the GDPR by ensuring the security and privacy of mobile data.
The following table shows how Mobile Device Manager Plus MSP helps you with the GDPR:
GDPR Article Number | Article Description | How Mobile Device Manager Plus MSP helps |
---|---|---|
5.1.f | Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and confidentiality"). | Gain visibility into mobile users trying to access your Exchange server, and restrict them from accessing any personal data. |
25.2 (i) | The controller shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage, and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons. | Segregate personal and corporate workspaces on managed mobile devices. Ensure that sensitive business data is secured within the corporate workspace. |
30 | Each controller and, where applicable, the controller's representative, shall maintain a record of processing activities, purpose of processing, description of categories of data, security measures, comprehensive data flow map, under its responsibility. | Maintain and view a record of all processing activities carried out using the Mobile Device Manager Plus MSP server. |
32.1.a | Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: the pseudonymisation and encryption of personal data. | Encrypt sensitive business information, such as customers' personal data, stored on mobile devices used by your employees. |
32.1.d (iv) | A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. | Receive periodic notifications on whether the mobile devices managed by your organization are still compliant with the corporate policies assigned to them using Mobile Device Manager Plus MSP. |
32.2 | In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. | Prevent data loss and unauthorized data access by: |
32.4 | The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law. | Configure role-based access to ensure that authorized personnel using the Mobile Device Manager Plus MSP server can: |