Mobility Presents a GDPR Risk

GDPR has been in effect for over a week now, and organizations are still in the process of becoming compliant. An important part of this undertaking is acknowledging and mitigating the risks that mobile devices can cause in the workplace. A recent survey from Lookout, a Mobile Threat Management Security provider, found that 84% of IT executives believe that the personal data accessed on their employees’ mobile devices could put their organization at risk for GDPR noncompliance. With that in mind, businesses should be aware that mobility presents a GDPR risk.

Article 17 of GDPR, “the right to erasure,” states that “the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.” Mobile devices and applications pose a potential risk to compliance with this article. Employees often access customer, partner, and employee data from their personal devices, including email, contacts, calendars, and enterprise applications.

Because not all mobile applications have been developed with GDPR compliance in mind, some may not support the right to erasure. Additionally, some businesses assume that Enterprise Mobility Management (EMM) or Mobile Device Management (MDM) offers visibility into this possible risk. However, EMM and MDM do not give organizations insight into the ways mobile applications are using data.

In addition to this, malicious applications pose a threat to GDPR compliance. Article 5 of GDPR states: “personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.”

Mobile devices are a big target for cybercrime because of the data they hold, including location, microphone, camera, and photos. These cyber attacks have become easy to deploy, so much so that someone could hire a cybercriminal to launch the attack for them. Malicious applications can compromise an employee’s mobile device, enabling attackers to gain access to any information on the device, which is a huge risk for GDPR compliance.

Mobile devices in the workplace are a necessity, but with GDPR being officially enforced, the game has changed. Businesses with unsecured mobile policies are seriously at risk of having to pay GDPR’s steep fines unless they create comprehensive plans to increase security. By being aware of potential risks, organizations can more easily find a solution and comply with GDPR.