19 Jun GDPR and BYOD – Oil and Water or Oil and Vinegar?
Has GDPR put an end to the growing trend for small companies to allow employees to bring their own devices for business use, or is there a way for the two to go together?
This blog aims to outline how, if at all, GDPR and BYOD can co-exist, or whether they just don't mix.
With the new GDPR regulations at the forefront of the minds of all business owners, is it too risky to allow employees the autonomy to use their own smartphones, tablets and laptops for business use?
BYOD means employees use their own devices instead of, or along with, company-supplied devices. When using their own devices, employees immediately gain a sense of control over their work. This perceived power makes them feel happier and can significantly improve productivity. It seems that in the UK today all businesses are comfortable with IT security such as firewalls and anti-virus software, but many neglect the mobile devices staff use daily.
The recent GDPR legislation is essentially about data protection. Whilst it's imperative to gain consent, there is no point following consent procedure if you are allowing employees to connect their own devices to unsecured free Wi-Fi on public transport and in coffee shops. This can easily lead to a data breach.
Even replying to an email on the train could be a data breach if someone sitting behind can see the recipient's email address.
It's thought that 72% of UK businesses have embraced BYOD, however only 54% have formal BYOD policies (Teiss.co.uk, October 17). Since GDPR, a strong business BYOD strategy is fundamental, along with the appropriate risk assessment and GDPR compliance training.
It's understandable that businesses may prefer to shy away from BYOD for fear of risking a data breach, but doing so may lead to employees becoming frustrated and to increased staff turnover.
There is no reason why a well-managed and well-understood BYOD strategy should increase the risk of a data breach. Devices must be password protected, with as little sensitive data stored on the device as possible. The sensible option would be for businesses to ensure employees use a VPN and the appropriate IT security measures, so that if a device is lost or compromised it can be wiped remotely.
So GDPR and BYOD can blend under the correct circumstances, just like Oil and Vinegar.
What do you think? We’d like to hear your opinions on GDPR or BYOD.
If your business is keen to employ a BYOD strategy that's GDPR compliant but you're not sure how, we can help. Cisco's Umbrella software can protect your business in minutes and KubeNet can set up a FREE 14-day trial. This software is so sophisticated it uncovers attacks before they launch. Better yet, there's absolutely NO obligation to sign up if you don't love it as much as we do.