Has your company established GDPR compliance? Here’s what you need to do to protect your organization from a GDPR penalty.
GDPR Making the Headlines Again
Most businesses will be aware of the General Data Protection Regulation (GDPR) by now – the regulation by the European Union came into effect in 2018.
In that sense it is nothing new for businesses. But because the changes were initially so groundbreaking, many people doubted whether the regulation would ever lead to real enforcement.
Some businesses therefore have not established GDPR compliance and carry on mishandling personal data as before.
Why It’s Time to Act
However, this month there were two important reminders that data protection regulation is not going away and companies that fail to rethink their security measures are liable for huge GDPR fines.
The ICO – the UK’s independent authority that protects data privacy for individuals – imposed two hefty GDPR penalties on British Airways and Marriott International, the well-known hotel chain. Because both suffered a data protection breach at the end of last year, the ICO intends to fine British Airways €204.5M and Marriott International €110.4M.
Obviously it is a complicated area, but these fines show that GDPR compliance in the UK and Europe is something that, if ignored, can lead to crippling financial repercussions.
GDPR Compliance Checklist
In order to establish GDPR compliance, and to meet the ‘appropriate technical and organizational measures’ as stipulated in Article 5 of the GDPR, your business or organization will have to rethink existing security procedures and evaluate the security infrastructure.
Most checklists online contain similar recommendations. Here is a short selection of the key points you will find on almost every GDPR compliance checklist, with one important addition:
- Existing security tools need to be assessed for their effectiveness against external threats such as malware and phishing.
- Due diligence procedures must be in place and ready to run in the event of a corporate acquisition.
- All areas where personal data is processed need to be identified, along with everyone who can access that data.
- Accountability must be established throughout the organization, starting with the appointment of a DPO (Data Protection Officer).
- Aside from traditional workplace computers, iOS and Android devices must also be protected, and the data they have access to must be adequately governed.
It’s this last field, Mobile Device Management (MDM), that GDPR compliance checklists often overlook or fail to mention explicitly. Our whitepaper looks at this aspect in more depth.
GDPR Compliance Doesn’t End With the Devices on the Office Desk
Companies have a duty to safeguard personal data on enterprise smartphones, tablets and laptops that are used off-premises, whether corporately or privately (BYOD) owned.
This is one aspect that Cortado Mobile Solutions specializes in. The Cortado MDM software acts as a data protection solution for the mobile devices and mobile apps your company uses on a daily basis.
Smartphones, iPads, laptops and wearables often have access to sensitive personal data which, if left unprotected, leaves your company open to a serious data protection breach and a GDPR fine. In another post, for example, we addressed the specific risk that WhatsApp poses to GDPR compliance.
With our solution, you retain control and possession of all business data via an intuitive data separation process at the operating system level.
Alongside a wealth of management and productivity features that result in a quick ROI on their own, Cortado MDM crucially helps you to prevent data breaches from occurring on mobile devices with its mobile security features.
For more information on why our solution is excellent at delivering GDPR compliance, contact our team or download one of our free white papers. A 14-day free trial of our software is also available on our website.