Why BYOD could threaten your GDPR compliance
BYOD (Bring Your Own Device) is a workplace policy that allows employees to bring their own computing devices to work. You may never have considered it a security risk before, but with the GDPR deadline getting closer, it may be something you have overlooked on the way to becoming fully compliant.
Why is it relevant to GDPR?
As the main focus of GDPR is the safe storage and management of sensitive personal information, as well as who has access to it, BYOD clearly presents some risks to compliance.
- More devices mean that there are many endpoints accessing your network, making your data more widespread, and therefore easier to intercept. This also means less visibility and control for employers over their data and what is being shared.
- GDPR also presents a new policy of ‘the right to be forgotten’, meaning that every individual (or data subject) has the right to obtain the removal of any personal data from your business without undue delay. This is harder to adhere to if not all of your data is stored on one network, as you will have to track down every device individually to guarantee you have erased specific data.
- Having a device outside of your network makes your data more vulnerable, especially if the device used is stolen or if the employee leaves the company.
- Moreover, the regular patching and updates carried out across all in-house computers will not cover a device that sits outside your network, so it is up to the individual to remember to update it regularly. The device could therefore be lacking the vital security updates needed to protect your data.
Failing to comply with GDPR could be detrimental to your company: the penalty is 4% of your annual global turnover, or £20 million, whichever is greater. It is imperative to reassess any BYOD policy you have, for the security of your company as well as your data. For a rundown of how you can prepare for GDPR, have a look at our blog post 'How to stop the GDPR making a big impact on your small business'.
How can you make sure your BYOD policy is GDPR compliant?
BYOD can be a very useful and productive policy to have in place: it makes your employees more mobile and potentially more productive, as they are able to use a device they are familiar with. However, the policy requires a great deal of organisation and monitoring on the company’s part.
- The main way to do this is to employ a Mobile Device Management system. At Xenace we have a cloud-based system, providing you with a simple and efficient way of managing all devices from a central admin system. Our solution allows you to register mobile devices, update and configure settings wirelessly and secure all mobile devices, even allowing the data on the phone to be completely wiped if it is stolen. This covers a varied fleet of Apple iOS, Windows and Android devices from a central management console.
- It is also very important to keep up with updates and patching for every device, with the same diligence that is given to your in-house computers. The best way to do this is to subscribe to fully managed IT support, so that you don’t have to remember to keep up to date; we will do it for you! We will also carry out regular backup checks to make sure all your data is secure, alongside the traditional benefits such as 24/7 system monitoring and unlimited onsite and remote IT support.
If you are interested in finding out more about GDPR compliance, get in touch with us! It can be very daunting, but the deadline is getting closer and closer, so do not hesitate to ask us about any concerns you have. We are also more than happy to advise you about any BYOD policies you have in place and show you how our Mobile Device Management system could benefit your company. If you think that our fully managed IT support is something worth considering, this is as good a time as any to find out more about it!