Information Governance

What Happens When BYOD Meets GDPR?

New data requirements mean new devices to protect

Does your machine know too much? As an example, I am willing to record how many steps I take a day with my Fitbit, but I am hesitant to adopt the Echo Look, fully equipped with Amazon’s AI technology and camera, into my private bedroom. However, with the digital age still developing new trends, I would not be surprised to see the latter become more widespread in several years. This pattern is only one of many examples of the evolution of human trust in technology. Unfortunately, this expanding trust comes at a cost, especially as more people start bringing these “personal data generators” to the workplace.

The BYOD Era

With the rise of BYOD (bring your own device) policies and an increasing number of ways to leak personal data into the public eye, the responsibility to govern and protect the privacy of employee data is only getting heavier on the shoulders of small and large corporations alike. Today, it is difficult to ignore that BYOD is quickly becoming the norm in most companies. At the same time, this raises serious questions and concerns over how data is being governed in the workplace behind the screens of many iPhones, Android devices, and tablets.

GDPR is Coming

In just short of a year, the General Data Protection Regulation (GDPR) will come into effect and all corporations harboring EU citizens’ data will fall under its jurisdiction, as overseen by the Supervisory Authority (SA) established in each member state. People are not going to stop bringing their personal devices to work, and it is highly unlikely that companies will prohibit the use of personal devices. Companies with inadequate BYOD policies may run the risk of non-compliance with GDPR and fines of up to 4% of global turnover, as well as the risk of insider threats and data breaches.

What’s Next?

With GDPR in place, the need to strengthen BYOD policies escalates from a “might as well” to the top of the priority list, along with the need for adoption of comprehensive GDPR solutions. The good news is that companies have approximately a year to build out an infrastructure that can handle the new regulatory pressure, and adjust or establish BYOD policies that are compliant with industry regulations and properly implement them into employee training. It may seem like a difficult task to keep track of what data is being produced on these devices, but it will serve organizations well to cover their bases.

This data is inevitably falling under the regulatory microscope; it’s about time organizations look after it.

In ZL Marketing I hope to shed some insight and light on concerning topics in information governance as Big Data becomes more prevalent in many enterprises today. Outside the office, you can find me binge-watching Netflix shows, trying weird foods, and looking for new places to explore.