Ryan frequently accesses customer billing information and contract details on his mobile device using a “mash-up” app that combines the Salesforce API with APIs from his subscription billing service.
Why this is a risk
His custom app does not have the same security protections as the official Salesforce app for storing and transmitting GDPR-regulated personal data from Ryan's mobile device.
of UK employees say they access their organization’s customer, partner and employee data while on their mobile device.
Alex on the Human Resources team uses the Workday app on her tablet to complete work tasks every day, but doesn’t usually update her operating system to the latest version right away.
Why this is a risk
Malicious actors that target her can exploit known vulnerabilities in her mobile OS to download spyware that enables the attackers to access all employee data.
of UK employees say they do not have automatic updates enabled on their app and device operating system.
Kim uses the Salesforce app on her smartphone to find contact information for partners and customers. Since she travels often, she regularly connects to public and guest Wi-Fi networks in airports, hotels, and cafes.
Why this is a risk
Depending on the country that Kim is in this week, one of those networks may have a malicious man-in-the-middle attack set up to steal her corporate credentials. This may lead to a large theft of GDPR-regulated personal data from Salesforce or another app.
of UK employees say they connect to public Wi-Fi networks on the go.
Chris on your marketing team has the Marketo app on his tablet with access to the personal data of your entire customer and prospect database.
Why this is a risk
Mobile malware such as spyware or keyloggers is capable of stealing his credentials and breaching this GDPR-regulated data, potentially leading to an infringement fine or damage to your organisation’s reputation.
When asked specifically about customer PII data, 45% of UK employees say they have access to their organization’s customer personally identifiable data via their mobile device.
In Andrea’s role as head of corporate & business development, he regularly communicates with senior executives at other companies and stores that personal information in the contacts of his smartphone. That same device also has over 100 apps that Andrea uses in both his personal and professional life.
Why this is a risk
Many of these apps ask for permission to access contacts, which Andrea always accepts, even though he has no knowledge of whether those apps access sensitive corporate or GDPR-regulated personal data on his phone.
of UK employees use the same phone for personal and work purposes.
Get this clear and concise guide to securing personal data on mobile devices
See your organization's mobile risk based on data access & existing controls.
The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018.
The evidence of GDPR non-compliance risk from mobile is overwhelming.
Security & IT executives say personal data accessed on employee mobile devices could put their company at risk for GDPR non-compliance.
Enterprise employees say they access their organisation’s customer, partner, and employee data while on their mobile device.
Enterprise employees that have a title of Vice President or higher say their mobile devices have been hacked or compromised.
Complete this online mobile risk assessment to get insight into your current level of mobile risk based on your mobility policies and existing controls such as EMM. This assessment is based on a framework called the Mobile Risk Matrix, outlining risk across threats, software vulnerabilities and risky behaviours & configurations for each of the attack vectors on mobile devices.
Get a custom assessment of GDPR and business risks to personal data by answering 20 questions about the state of mobility in your organisation.
Finding risks to GDPR compliance on mobile
OneTrust Chief Executive Officer
Lookout Chief Strategy Officer
Quickly identify the risks to EU personal data from mobile
Lookout Mobile Endpoint Security provides unmatched visibility to quickly pinpoint when EU personal data is at risk of being exposed on mobile devices. The Lookout console enables admins to quickly identify risks to personal data within their mobile fleet from threats, risks or vulnerabilities across the app, device, network or web/content vectors.
Prepare for GDPR's 72-hour breach notification requirements
Lookout Mobile Endpoint Security provides timely notifications to administrators when data may be maliciously exfiltrated or accidentally leaked from a mobile device, arming administrators with detailed information about the identified issue within the Lookout console to enable notification to the supervisory authority “without undue delay.”
Implement policy-based protection at scale
Lookout provides policy templates to protect EU personal data, enabling organisations to mitigate the risk of data-leaking apps at scale, while ensuring end user privacy. Integrate Lookout Mobile Endpoint Security with your MDM/EMM to establish risk-based conditional access policies to secure GDPR-regulated data.
Privacy by Design
Lookout adheres to data minimisation and purposeful data collection principles, and has robust privacy controls, including the ability to restrict collection of any PII associated with users or devices under management as well as limit end user information presented to administrators of the Lookout solution. Lookout is EU-US Privacy Shield, ISO27001 and FedRAMP In Process.
This whitepaper examines the GDPR regulations and how the mobile threats, vulnerabilities and user behaviours related to mobile technology can have a significant impact on companies’ efforts to be compliant. It describes how technology solutions can help organisations not only comply with GDPR, but significantly enhance their mobile security posture as well.
See how renowned Dutch home healthcare organisation Buurtzorg achieved all the goals of their mobile security initiative by integrating Lookout Mobile Endpoint Security with MobileIron Enterprise Mobility Management to secure mobility, enable compliance with privacy regulations, and gain visibility into mobile threats.
By 2019, 30% of organisations will face significant financial exposure from regulatory bodies due to their failure to comply with GDPR requirements to protect personal data on mobile devices.*
Gartner, Inc., Revisit Your Enterprise Mobility Management Practices to Prepare for EU GDPR, Manjunath Bhat, Bart Willemsen, May 2017.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the US and internationally, and is used herein with permission. All rights reserved.
*Gartner, Inc., Revisit Your Enterprise Mobility Management Practices to Prepare for EU GDPR, Manjunath Bhat, Bart Willemsen, May 2017. The Gartner Report(s) described herein, (the "Gartner Report(s)") represent(s) research opinion or viewpoints published, as part of a syndicated subscription service, by Gartner, Inc. ("Gartner"), and are not representations of fact.