What does the General Data Protection Regulation (GDPR) imply?
If you don't know what GDPR is, we will briefly explain it. In 2018, a European law was introduced that says every individual should have full control over their personal data. The legislation covers a lot of data: from our name to our age to the IP address we use. This is a positive development, as it ensures more privacy. But as an organisation, it also means that you must comply with certain guidelines. If you don't, you face sky-high fines of up to 20 million euros or 4% of your annual turnover.
What guidelines do you need to comply with as an organisation?
Data processing must:
- Be lawful, adequate, and transparent
- Have a clearly defined purpose
- Be limited to what is strictly necessary
- Contain accurate and up-to-date data
- Limit the storage of data to as long as necessary/obligatory
- Protect data from unauthorised or unlawful processing or destruction, loss, or damage
Keep personal and company data separate
For work phones, or personal devices used for work purposes, it is best to pay attention to the last two guidelines listed above. When you offer a work phone to your employees, they often get the option to use the phone for personal purposes as well. This makes it easier for the employees because they won't have to walk around with two phones. However, you must be careful to keep the personal data separate from the company data. As an employer, you are responsible for protecting the data stored on your employees' devices and ensuring that it is in line with GDPR.
Implement simple and secure device management
As an organisation, you want to maintain a good overview of the devices that are circulating within your organisation. Mobile device management (MDM), a service that we also offer within Device as a Service, is the right solution for this.