Halfway through the two-year implementation period before the General Data Protection Regulation (GDPR) takes effect, many decision makers in businesses around the world are still unaware that the new law will affect them.
Only 39% of companies in the UK have identified GDPR as a compliance issue, and only 25% in the US (NTT Global Report Risk-Value 2017).
Contrary to what one might think, any organization that processes EU citizens’ data will have to comply with the EU GDPR by May 25th, 2018. From that date, businesses must be able to justify their reasons for holding or processing every piece of data they possess, or expose themselves to massive fines for non-compliance.
With the widespread and ever-expanding use of mobile applications, BYOD devices and the like, picking the right mobile security solutions will be critical for GDPR compliance.
Here are several GDPR principles and how to enforce them through mobile security.
Data protection by design and by default
On the one hand, companies are expected to include data privacy protection in their development process. On the other hand, they must apply appropriate technical measures and organizational processes to ensure that only relevant data is collected, processed and stored.
In a mobile fleet management context, an EMM / MDM solution will establish a clear boundary between personal and business data on the device and prevent the enterprise from accessing the content of personal apps or personal email accounts.
In a mobile application development context, this means building security and confidentiality into the initial development steps. To do so, developers can use a security testing solution that integrates with their development platforms to audit application security throughout the development process.
Security adapted to risks
GDPR requires companies to guarantee users a level of security commensurate with the risk. Organizations must put in place procedures to regularly test, analyze and evaluate their security practices, so that processes for data confidentiality and integrity are fully ensured.
Using an EMM / MDM solution that enforces data encryption on the device is a first step toward protecting data and demonstrating to the authorities that security practices are in place. Furthermore, integrating with your EMM / MDM a security solution that automatically analyzes device integrity and application behavior provides complete mobile data protection.
On the mobile application side, a self-protection SDK integrated into an application’s source code protects it against threats from other applications and from network connections.
Internal reports of all data breach incidents
When a breach is detected, the company must notify the competent regulator within 72 hours. If the breach carries a high risk for some users, the company must also warn them. Companies are also required to retain internal reports of all data breach incidents that could compromise data privacy, including the remediation steps taken and their outcomes.
Companies can use monitoring tools to track activity across their mobile fleet. Both EMM / MDM and Mobile Threat Defense solutions aggregate logs that show which actions took place in the lead-up to a data breach and what, if any, subsequent actions were taken.
Concerning mobile applications, in-app self-protection SDK solutions also provide companies with analysis and investigation material in case of a data leak.
May 25th, 2018 may sound far off, but it’s only 9 months away. The clock is ticking.
Discover Pradeo's Mobile Threat Protection, App Self-Protection and App Security Testing solutions.
Integrate PRADEO SECURITY with your EMM/MDM: AirWatch, MobileIron, IBM MaaS360, SOTI.