barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfosign-in-altsignin text-widthtimesyoutube
5 min read

How to Stay GDPR-Compliant with Mobile Device Management

5 min read

Avatar

For any business or organization operating in Europe, May 25 2018 was an urgent deadline. The GDPR, while a huge win for consumer rights and privacy protection overall, requires action for anyone who collects and stores personal information, such as names, e-mail addresses, and phone numbers. If that sounds like almost all businesses these days, it’s because that’s precisely the case.

GDPR in a nutshell

  • Passed in 2016, EU’s General Data Protection Regulation came into full effect in May 2018
  • 510+ million EU residents are covered by the regulation, forcing all businesses with EU operations to comply with tight rules on how to store personal data on customers
  • For individuals, the GDPR brings multiple protections:
    • Depending on the severity of the breach, businesses must disclose data breaches to authorities and/or the consumers within a couple of days of discovery.
    • In particularly serious cases, consumers must be notified of breaches as well.
    • Individuals have a right to know what information on them is being stored.
    • Individuals have a right to have all this information erased at request, except when legitimate legal requirements for archival are in place.
    • These requirements are likely to require changes in IT architectures and databases.
  • Businesses who fail to comply can be fined up to EUR 20 million, or 4% of their annual global turnover.

Miradore can help you stay compliant in 8 ways

  1. Locked screens and passcodes stop threats of all sizes
  2. Unencrypted data on the move is a liability
  3. Unnecessary data should be destroyed
  4. Take control of data and apps on business devices, separate business use from personal use
  5. Know where you stand with software updates
  6. Stay informed about what software your device fleet is running
  7. Address the risk of theft
  8. Deploy and enforce settings remotely

1. Locked screens and passcodes stop threats of all sizes

Virtually all mobile phones now feature lock screens with PINs or pattern locks. This level of authentication alone can stop the most opportunistic types of unauthorized access. It’s also a central part of making phones unavailable against more advanced attacks.

With Miradore's EMM, it’s easy to enforce passcode policies on mobile devices. Our user-friendly dashboard makes it easy to follow up on policy compliance. This proves especially useful under the GDPR’s requirements for "privacy by design" and "privacy by default".

Under these requirements, companies need to prove that they’re in control of user data and that they’ve taken steps to protect it. It’s important to be able to implement group updates, restrict apps and networks, and enforce security measures.

2. Unencrypted data on the move is a liability

Encryption is often available with the push of a button, to keep data inaccessible to anyone who fails to enter the right key or password. We can divide data encryption into two main categories: that of data at rest and data in motion. Data at rest is data stored on, for example, phone memory, and it’s easier than ever to benefit from this.

Apple’s iOS devices are designed with encryption in mind, and late-model Android flagships are catching up. Miradore confirms your fleet’s encryption status through a single pane of glass.

As a side note, it’s worth remembering that the encryption of flash memory is even more crucial than old-time spinning hard drives. The way the firmware on flash disks shift around data internally, for wear leveling, can cause unwanted data retention in areas that are no longer accessible to the disk interface. Such data could be accessed by advanced adversaries. To be sure to avoid this, encrypt all computers and phones immediately out of the box.

3. Unnecessary data should be destroyed

To stay compliant with GDPR, it’s important to limit the time during which data is stored on devices. It becomes crucial to properly empty and reset devices when they’re decommissioned or reassigned, to avoid leaving debris of data on old devices.

Whether you’re dealing with a lost device or just one in need of a reset, Miradore is at your service with comprehensive wiping capabilities, which can be used remotely if needed.

4. Take control of data and apps on business devices, separate business use from personal use

People love instant access to whatever apps they’re used to for sharing data and communicating. However, sometimes reasonable consumer choices aren’t suitable for the workplace. As needed, Miradore's EMM allows you to white- or blacklist apps according to the needs of your corporate network. We can also help you disable device features such as the camera or Wi-Fi.

For a more granular approach to preventing data leakage on Android devices, we offer full support for the Android Enterprise Work Profile, an option for separating work and personal app environments on phones. This functionality offers an instant jump between user profiles for work and personal stuff, with the work data protected by a separate passcode.

For iOS devices, we enable you to use the Apple DEP (Device Enrollment Program) for complete device management of your company-owned devices, including zero-touch device setup.

5. Know where you stand with software updates

Software is like precious humans writing it: complex and imperfect. That’s why IT largely rotates around making sure software updates, patches for security and reliability problems get installed on target devices.

Reaching a sensible patch level requires information, and Miradore's EMM provides just that. This is a sanity saver when the number of devices starts reaching double digits in a small organization. With Miradore, you can automate patch management for Windows devices and see your OS versions with a single glance.

To make sure your data doesn’t leak or is locked up according to the whims of malware businesses, anti-malware and similar tools may also make sense where applicable. With Apple VPP and Managed Google Play support, we make the delivery of these easy.

6. Stay informed about what software your device fleet is running

For companies with the role of the data controller, it’s required by the GDPR to actively prove what’s done to protect personal data and improve data security. Reporting and logging capabilities are going to be valuable tools.

Whether you choose to be very open to user choice or very restrictive with apps, it’s a good idea to follow up. To be compliant with GDPR puts our extensive Report Builder in Miradore's EMM to good use. This tool delivers easily readable reports on a number of things, including apps and their versions.

You may not always want to go as far as only allowing whitelisted apps in the modern workplace. But when needed, sound reporting capabilities can help you find apps installed from outside the Google Play Store, or disk space and bandwidth hogs.

7. Address the risk of theft

Many of the things we’ve discussed above add up when assessing a security threat model to fit within regulations. Yet there’s one factor so obvious it’s easily overlooked: the form factor and mobility of modern devices, which impact their physical security.

Powerful mobile devices with access to full corporate resources are carried around in pockets, bags, and purses to an extent that was hard to imagine around a decade ago when the laptop was the mobile device of choice.

Laptops are often carried around in designated bags, which certainly are exposed compared to desktops and servers locked away at corporate premises. However, unlike phones, laptops are usually not around when the end-user goes bar hopping.

It’s hard to be more direct as to why mobility management matters as an augmentation of the very limited physical security of your mobile hardware assets. Mobile devices will eventually get stolen and lost. The question is whether your organization has tools to lock or wipe devices that have left your control. Additionally, encryption is paramount. When encrypted, a lost device is simply a lost device, but otherwise becomes a data loss liability.

8. Deploy and enforce settings remotely

In countries where data caps on mobile plans are a thing, users are thirsty for free Wi-Fi. And even on semi-trusted networks, there might be a need to access company-only services. With Miradore Mobility Management, things like Wi-Fi passwords and VPN profiles are easy to distribute widely, without physically touching the phones.

Several of our customers success stories cite our easy remote onboarding as a win and time saver in their IT workflows. By taking network settings in your own hands, good network hygiene and segmentation becomes attainable for IT.

 

Disclaimer

This document is not a complete guide to reaching compliance GDPR. In fact, it’s unlikely anyone could give binding, yet quick advice on achieving compliance. Please seek legal counsel and specific technical expertise to learn the best ways to comply with your case.