The whole truth about GDPR

As a provider of Unified Endpoint Management (UEM), we could tell you that you are already perfectly equipped for the requirements of the GDPR with our solutions alone. But that would only be half the truth.

The initial excitement is followed by hefty penalties

Last year, the General Data Protection Regulation (GDPR) haunted the media like a spectre, as the regulations came into force on May 25. Although the excitement seems to have died down somewhat, the GDPR sanctions are now a painful reality in some cases: at the end of 2018, German data protection authorities demanded an amount of 5,000 euros from the mail order company Kolibri Image, while the French data protection authority CNIL fined Google 50 million euros at the beginning of 2019.

So anyone can be hit with heavy fines. Companies of all sizes are therefore well advised to constantly think about how they handle personal data. This is especially true when processes are becoming increasingly digitalized and employees are using mobile devices for both business and private purposes as part of BYOD initiatives. Used prudently, mobile device management (MDM) undoubtedly acts as an indispensable tool here – but can itself become a problem under certain circumstances.

Business data belongs in containers

Article 5 of the GDPR already makes it clear that data may only be collected for clearly defined purposes and only processed to the smallest possible extent. This means that personal information of employees and customers should not flow uncontrolled onto mobile devices or be accessed by applications running on them. Of particular concern in this context are messengers that access cell phone contact data and possibly synchronize it with servers in insecure third countries.

To prevent this, however, companies do not have to completely deny their employees access to sensitive company data. It makes more sense to strictly separate business information on smartphones and tablets from private applications. Strongly encrypted security containers, such as those provided by AppTec Secure PIM, are ideal for this purpose. This allows users to continue to access emails, calendars or documents, while private apps such as WhatsApp or Facebook are blocked just as effectively as unauthorized users. What’s more, if a mobile device is stolen or otherwise lost, administrators can reset all container data remotely.

What to watch out for with EMM

As good as this sounds, a functioning enterprise mobility management system alone does not release you as a company from all the obligations set out in the GDPR to document processes and design them in compliance with data protection regulations. Let’s take the topic of employee data protection as an example. In Germany, Section 26 of the Federal Data Protection Act (BDSG) specifies the following principle: If their data is to be processed beyond the cases provided for by law, employees must give their consent.

Paradoxically, you can violate this requirement with the very EMM product with which you actually want to enforce the GDPR. For example, it is conceivable that a management solution could collect GPS location data in order to locate devices if they are lost. And it is precisely this information that forms a personal movement profile of the respective end user. Corresponding functions should therefore be agreed with the works council and only activated if those affected are in the loop. Whatever you decide, AppTec’s Unified Endpoint Management adapts to your premises: the console presents GPS information in a works council-compliant manner (dual control principle). The solution can also be configured so that users can switch off GPS tracking themselves.

You should also not neglect a possible data transfer to third countries if your EMM solution is delivered as a cloud service. AppTec answers this question with confidence: our servers are currently located in the PlusServer GmbH data center in Germany and are therefore subject to the GDPR data protection regulations. You can also run the software, which is developed in Switzerland, on-premise. Whichever model you choose, the company data is never stored on our servers, but remains exclusively in the possession of the customer, i.e. you.

AppTec Blog / Author: Sahin Tugcular

Topic: GDPR, AppTec Container, SecurePIM
