Since 1998, the Data Protection Directive has been protecting personal data in the EU by prompting member countries to pass legislative acts to safeguard customer data. This led to the emergence of local laws that governed corporate bodies based on their geographical locations. These local laws are now set to be replaced by the General Data Protection Regulation (GDPR) which will be applicable for all member countries.
It features a single set of rules that is applicable to all EU member states. Each state will have to set up an independent Supervisory Authority (SA) to investigate complaints, penalize administrative offenses and more.
The new regulation on data protection was proposed by the European Commission in 2012, was approved in April 2016 and will be applicable from May 25, 2018. It will supersede the national laws being implemented by the 28 EU member states. Many of the principles and concepts of GDPR will be similar to the current Data Protection Act. However, there are some noticeable changes and improvements included in the GDPR. The biggest difference relates to accountability.
As per the new legislation, the accountability for data security will lie with companies, requiring them to study and understand the risks they create for others and to mitigate those risks. Data controllers and data processors will be subject to a regime under which they will also have to handle a general personal data breach notification obligation.
The new GDPR guidelines state that any organization doing business in the EU, regardless of its size, will have to collect, store and use personal data more securely. GDPR defines new commitments and accountabilities for data processors:
- Provision of a suitable level of data security
- Explicit consent from customers for data collected and used
- Notifications to data controllers and supervisory authority about data breach
- Keeping records
- Direct liability leading to compensation payment
- Regulating and monitoring controllers, assisting with their compliance with security obligations
In essence, GDPR will impose key principles of privacy to enforce accountability on corporations:
- The right for users to purge their data
- Appointment of a Data Privacy Officer
- Transparency of data that is collected
Under the new EU GDPR, in the event of a data breach, organizations can be fined up to 4% of their global annual turnover.
GDPR requires that corporations be aware at all times of where their data resides, who can access it, and, if a breach occurs, where the break might have happened. Though a large number of attacks on businesses involve malware, viruses or spyware, some breaches may occur due to human errors such as losing documentation, sending an email or message to the wrong recipient, or not redacting personal data.
One of the most common points of a security breach in a corporate environment is data exchange between users' mobile endpoints. Corporate employees are continuously connected and always on the move. While in transit, they should be able to connect with each other and work together, with whichever device they may have. As a result of the unprecedented adoption of mobile devices in the corporate environment, many companies are often unable to keep tabs on which devices or users can access corporate data.
Corporations need to train employees who use their own devices in the workplace by developing a culture of responsibility around mobile data. One way to gather information on a data breach is to have a system in place to manage and track the mobile devices that company employees use to access end-user data.
Enterprise Mobility Management (EMM) helps companies fulfill these responsibilities by offering solutions that can partly comply with GDPR rules via enforced policies and automatic compliance reports.
An EMM solution can consolidate the management, control, and security of all organizational devices including both BYOD (Bring Your Own Device) and corporate-owned devices. Apart from traditional device management, EMM also helps in the management and configuration of enterprise apps. A strong EMM solution should be able to offer the required technical support to simplify management and security for IT as well as make it a pleasant user experience for employees, all the while complying with GDPR rules.
At 42Gears we take a rational approach to GDPR complexity and try to map parts of its requirements to precise workloads or corporate environments, helping employees stay compliant within that specific area. Our solution covers the mobile environment and end-user devices of an organization. 42Gears solutions are designed to manage end-user devices using modern technologies with built-in privacy settings. Windows PCs and wearables can be managed as well, allowing adherence to the new privacy requirements. Our products can work with a variety of use cases, such as:
- Bring Your Own Devices (BYOD)
- Corporate-owned, managed and controlled
SureMDM by 42Gears is defined by its privacy and technology integration, which safeguards IT from accidentally or deliberately altering policy rules that may put end-user privacy at risk.
The MDM solution offers persona-based management that allows companies to assign an Admin role, ensuring that only people with the highest level of authority can access or change privacy policies. 42Gears products are designed to collect the minimum amount of user data necessary.
GDPR is expected to influence the process of data collection, its usage and, most importantly, how it is communicated to users. 42Gears has diligently worked towards creating a platform with built-in privacy measures and is confident about helping customers operate in accordance with GDPR guidelines.