Home / Tech News / Is your company part of the GDPR 'mobile loophole'?

Is your company part of the GDPR 'mobile loophole'?

Mobile tech, and especially mobile brought into companies through BYOD, has unique challenges for companies that need to comply with General Data Protection Regulations (GDPR) — and that’s virtually all companies, not just the ones in Europe. The regulations compel companies to manage personal data and protect privacy, and they provide individuals to have a say in what and how data about them is used.

GDPR has several disclosure and control requirements, such as providing notice of any personally identifiable data collection, notifying of any data breaches, obtaining consent of any person for whom data is being collected, recording what and how data is being used, and providing a right for people whose data is being collected to see, modify, and/or delete any information about them from corporate systems.

The problem is many corporate systems now extend into mobile branches that include smartphones and, in some cases, tablets. Analysts at J.Gold Associates, LLC. estimate that in about 35 to 50 percent of cases, these devices are not actually corporate devices, but personal devices being used by employees of the company in their daily work. As a result, these devices, which often contain corporate data from being connected/synced to back office systems, and including data about individuals, are subject to the same regulations and restrictions of GDPR as larger systems (e.g., PCs and servers). (Note: I am the principal analyst at J.Gold Associates.)

GDPR also applies to any corporate-developed apps that have been deployed to mobile devices. Apps such as CRM, sales force automation, marketing and sales, and customer service are all potentially affected by GDPR.

We estimate that 65 to 75 percent of enterprises do not have a full management suite available on mobile devices that can set appropriate policies and monitor data use and data flow, all of which is necessary to comply with GDPR. Moreover, our research shows the vast majority of companies indicate they can’t say with certainty what’s actually on a user’s mobile device. This is a direct challenge to GDPR compliance.

Mobile ‘loophole’ may make companies non-compliant with GDPR

This mobile “loophole” in GDPR compliance is not often discussed. Yet the ability for employees to store and potentially share individual data about business partners and customers represents a real possibility that companies that thought they were compliant may not be.

This is a new area just starting to be recognized by many enterprises, and I expect that next couple of years we’ll see fairly lax enforcement by the authorities as many kinks are worked out in what/how non-compliance is determined, pursued and penalized. Yet there is still a very real threat that enforcement could become stringent, particularly if it is shown that a data breach or other misuse of data has occurred.

Data breaches of mobile devices can be particularly problematic, as so few enterprises actually know if their mobile devices (or BYOD smartphones) have been breached. Indeed, our research shows that 65 percent of companies either believe their mobile devices have never been hacked or don’t know if they’ve been breached. Given that 50 to 65 percent of users answer yes when asked if they have ever experienced a data breach on their mobile devices, it’s clear there is a major shortcoming in enterprise knowledge and management of mobile security.

About yogabeautyhealth

Check Also

The Best Smart Bulbs For Your Amazon Echo

If you want to light up your home the smart way (figuratively, and perhaps literally), …

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: