Mobile Devices and GDPR: Six months on

Monday 26th November 2018

It is hard to believe that it was only six months ago that businesses across Europe were finishing their preparations for the biggest shake-up to data protection law. Studiously following the ICO’s 12 steps, we were auditing data, reviewing consent, drafting policies and updating privacy notices with the fervour of an apocalyptic terror (such is the monetary penalty for failure to comply).

These new regulations are designed to give citizens of the European Union more control over their personal data. And we commend that. In an increasingly digital-driven world, the new regulations have been written for the modern era where very little of our working and personal lives are untouched by technology.

Mobile devices and GDPR

At Source Telecom, we’re often asked by customers whether GDPR impacts on them as the mobile devices they use are “all password or pin number protected and therefore secure. Right?”.


Ask yourself the following:

  1. Do your employees use mobile devices to contact your customers?
  2. Do your employees save customer data onto mobile devices?
  3. Do your employees ever take their mobile devices out of the office?
  4. Can you lock down a mobile device should it become lost or stolen?
  5. Are you managing your team’s devices?
  6. Will you be responsible for a data breach if the device is lost or stolen?

If you can answer “yes” to one or more of the questions above, then GDPR applies to your business and you must have robust security measures and company-wide policies in place.

After all, if one lost or stolen mobile device is a breach of confidentiality, then you have to ask:

Can my business afford…

  1. to pay customers the compensation they are entitled to if we experience a breach and the correct processes are not followed?
  2. to pay the huge financial penalties that the ICO has the power to inflict?
  3. the negative publicity that a data breach will create, impacting our brand and long-standing reputation?

If you answered “no” to one or more of those questions, then you need to read on and learn how Mobile Device Management can ensure your mobile devices are GDPR-compliant.

How can MDM support GDPR?

Mobile Device Management (or MDM for short) is an administration tool to help you remotely deploy, configure, secure, monitor, and manage your devices.

The GDPR sets out seven key principles that businesses must comply with; failure will result in the hefty fines and negative publicity mentioned earlier.

MDM can help your business comply with the principles of:

  • purpose limitation
  • data minimisation
  • accuracy
  • storage limitation
  • integrity and confidentiality

Source Telecom’s MDM solution features award-winning control software to manage your device. We can add this to your fleet of devices to allow you to:

  • Locate lost/stolen devices
  • Lockdown lost/stolen devices
  • Prevent data sharing with third party apps
  • Blacklist and whitelist apps to ensure only secure, approved apps are downloaded onto the device
  • Remote control the device from a desktop
  • Remotely wipe/remove data from the device


Issue regular GDPR reminders to your employees
You can use MDM to push notifications to your employee’s devices and be notified when they’ve been read.

Review your data storage
Starting with ‘where is the data?’. A customer name and email address on an employee’s phone is a form of data processing. As a data controller, are you fully aware of the places you are holding customer data and the risks that could be faced by each device?

Review your mobile device policy
Do employees use their work phones for personal use? Are staff using their personal devices to contact customers in the office or out in the field? Are they using their work tablet at home to log in and finish an email? Do you have a policy on BYOD (Bring Your Own Device)? If you allow staff access to their work emails via their personal device, then any personal data held within the business will be outside of your control.

Review your IT policy
If you allow employees to charge their phones by plugging them into their PCs/laptops, and if the phone has a virus or other malware it could easily infect the PC/laptop and therefore your network. Consider the range of devices both in the office and out in the field and how they are used, maintained and controlled.

Review your data security, retention and archive policies
How secure are your devices in terms of encryption and accessibility? Do you have a policy that forces password and/or pin number changes regularly? Are they robust enough to be not bypassed or guessed (your birthday, your landline extension, etc.)? Once data has been archived, can you be sure that it is removed from every device?

Source Telecom works with carefully chosen technology partners and can provide your business with the most trusted MDM solution. With two levels of MDM packages – Manage-Your-Own, and Fully-Managed – we guarantee there will be one to suit your business and budget.

If you want to take centralised control of your devices, deploy rigorous device security, and get access to a 24-hour helpdesk and a global tracking facility, talk to the team at Source Telecom on 01324 469146.


Further reading:

Blog: Mobile Device Management – The simple solution for business success

Share this story

To receive updates from Source Telecom - from our latest blog and industry news to the latest iPhone hacks and more, subscribe to our mailing list.