(B)ring (Y)our (O)wn (D)evice and GDPR
Now I am left with either one of these options:
- application wrapping
- sandboxing
Is there an easier way to be GDPR compliant and allow BYOD?
Answer:
There is no mention in the EU GDPR, or in any other legal provision for that matter, of forbidding the use of employees' own devices to access company email.
The only thing to be considered is how to keep the access to that data secure, so as not to be subject to a data breach based on the vulnerability of the employee's device, on one hand, and the degree of monitoring of the employees' devices, on the other.
I think that the latter is more important, as there is usually a tendency to over-monitor a user's device even if it is not justified, taking into account the data that is usually passed via email. In this case I would recommend performing a DPIA to check if the monitoring is proportionate.
To learn more about DPIAs check out our webinar Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR (https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/).
Oct 08, 2018