With more pressing things like the global Covid-19 pandemic and Brexit to distract us, it feels like we’re a lifetime away from the hand-wringing that went on in the run up to the introduction of the Data Protection Act 2018 – or GDPR, as it quickly became known.
Make no mistake, your personal data – name, email address and phone number, for example – is hugely valuable to businesses that use it for lead generation.
Look at the ads on your Facebook feed or consider those you’ve responded to, and you’ll begin to understand how being able to target people within a certain socio-economic demographic or community of interest can put a business at a competitive advantage.
Facebook advertising is expensive, and the more competitive the market, the more expensive it becomes. Ergo, Facebook makes an eyewatering amount of money every year by using what it knows about you – your data – to help businesses target their products and services at you.
And if it’s that valuable when used legitimately and lawfully, you don’t need to think very hard to get a sense of how valuable your personal data might be to those operating outside the law.
What all that means is that personal data is now the most valuable digital commodity there is. Depending on who and what you read, your data is worth between $35 and $50 per month.
The rapid growth of mobile technology as a primary tool for work means that the simple day-to-day tick over of the economy relies on gargantuan amounts of personalised data being accessible from portable devices.
The chances of those devices being stolen, mislaid, or otherwise left open to compromise are mind-bogglingly high and as a result, the exposure risk – how you might be financially or otherwise damaged by that data being misused – has grown exponentially.
This is especially significant in sectors like domiciliary care where carers need on-the-go access to the sensitive health and personal records of clients and patients in order to deliver satisfactory standards of care.
It’s hardly surprising, then, that how your data is acquired, used, and then managed has become a serious matter of law over the last four years or so.
The rules we now refer to in shorthand as GDPR are designed to ensure businesses implement minimum standards relating to how they get your data, what they do with it and how they dispose of it.
For service providers in the domcare industry, how mobile device management meets those requirements is an absolutely essential part of operating a business in a way that fundamentally and inherently protects service users.
It’s not just about not losing personal data
There’s a broad misconception that GDPR is about ensuring data isn’t lost. This is only true to a certain extent.
Just as the Health & Safety at Work Act of 1974 recognises accidents in the workplace will happen, so the Data Protection Act of 2018 recognises that data breaches are inevitable.
Both pieces of legislation are therefore designed to force companies to put in place procedures, practices and policies that assess and mitigate that risk.
In each case, the question the legislation seeks to answer is not who was to blame, but instead whether all reasonable steps were taken to prevent something going wrong.
There is a pre-GDPR story – which may or may not be apocryphal – of a lawyer who was carrying several case files in a briefcase which he managed to leave in a taxi.
In the ensuing recriminatory process, the lawyer and his company got into hot water not because he had lost the files – to err, after all, is human even if it comes with a penalty – but because he had two weeks’ worth of files in the briefcase that were essentially an unnecessary and avoidable risk.
How can mobile device management (MDM) protect you?
Given the inherent potential risk that comes from thousands of people carrying a device that gives them access to vulnerable and sensitive data (especially in the domcare environment), and the incumbent threat of severe punishment associated with a breach, how can you ensure your MDM protocols offer you total protection?
Screen locks and passcodes
These are the first line of defence for any business should a mobile device find its way into the wrong hands. They are a robust and effective way of deterring opportunist access to the sensitive data held on your business apps.
At Your Comms Group we can enforce passcode policies on your mobile devices to ensure your business meets the ‘privacy by design’ and ‘privacy by default’ principles that GDPR requires businesses to ‘bake into’ their processes and policies.
Encrypted data on the move
Building encryption into your data management is essential. It's possible to divide data into two categories, so that data in motion – the data accessed in the field from a mobile device – is encrypted in an even more secure way than data at rest, which tends to be stored on static or cloud-based servers that are less likely to fall victim to human error.
Time-limited data
GDPR compliance requires businesses to limit the amount of time that data is stored on any device. This means that your mobile data management processes need to be configured to properly erase data from mobile devices to ensure no remnants are left when those devices are decommissioned or reassigned. We can provide the advice, support, and solutions to help you achieve this.
Keep business and personal data separate
Enforcing sensible use protocols for your mobile fleet is straightforward and helps to ensure your phones and the data they access are not vulnerable through your teams using personal apps like social media and so on. We can white- or blacklist apps to suit the needs and sensitivities of your business, ensuring your people are only using their work phone for business-authorised purposes.
Stay up to date
Phones are most secure when the software operating them is fully up to date. By enforcing updates, you can ensure your teams aren’t able to delay important software upgrades that help to protect data and ensure your fleet of mobile devices runs reliably and efficiently.
At Your Company Mobiles we can use our Enterprise Management Models (EMM) to develop a patch and upgrade protocol that ensures your employees’ phones are always up to date.
Prioritise records and logs
If your business controls data, then to be fully compliant with GDPR you’ll need to be able to show exactly what steps you have taken to manage and protect that data. Again, a robust EMM can help you to achieve that.
Remote management
If a device is stolen or mislaid, it’s vital that you’re able to lock it down remotely to ensure the data stored on it or to which it has access is fully protected. We can provide you with market-leading remote management tools to make sure a lost or stolen phone doesn’t compromise the personal data you hold.
Remote device management will also allow settings to be updated or varied (for example, if you have people in the field travelling overseas where different data caps and policies may be in place), teams to be onboarded easily and temporary access given to information and data that may otherwise be restricted.
It’s difficult to overstate the importance of mobile device management in an increasingly digital world.