Companies Must Step Up Mobile GDPR Compliance Efforts, Lookout Finds

The European Union on May 25, 2018, will begin enforcing its General Data Protection Regulation (GDPR), a stringent set of data protection and privacy rules with which organizations will need to comply. Those rules apply equally to all forms of digital data, whether that data is in the cloud, on a desktop on in a mobile device. “Finding GDRP Noncompliance in a Mobile First World,” a new report by mobile security firm Lookout, found that organizations have been overlooking mobile when considering their GDPR compliance efforts. In fact, the study, which included responses from 2,062 IT professionals, found that 84 percent of U.S. security and IT executives believe that personal data accessed on employees’ mobile devices could put their company at risk for GDPR noncompliance. In this slide show, eWEEK looks at some of the highlights of the Lookout report.

Although GDPR is a European Union initiative, it will impact U.S. organizations that do business in the EU. According to Lookout’s research, 73 percent of security and IT executives who reported they have employees, customers or partners based in the EU believe they will be impacted by GDPR regulations.

Mobile is a potential area of GDPR risk, according to the Lookout research. Eighty-four percent of survey respondents agreed with the statement that the personal data accessed on their employees’ mobile devices could put their company at risk for GDPR noncompliance.

Looking at the types of apps and data that reside on mobile devices, the Lookout survey found that what most employees access are enterprise calendar and email apps.

There are multiple types of risky behaviors that mobile users engage in that could lead to a data breach and potential GDPR noncompliance. Forty-eight percent of U.S. employees admitted to downloading applications outside of the main Google Play and Apple App Stores, Lookout found.

Thirty-two percent of employees who hold the position of vice president and above admitted that their mobile devices have at some point been hacked or compromised. Since personal data is located on mobile devices, organizations must secure their mobile endpoints to address GDPR requirements, Lookout emphasized.

The potential for privacy leakage is further compounded on mobile devices, since many users have both personal and work data on the same device. According to the survey, over 70 percent of U.S. employees reported that they use the same phone for personal and work purposes. In addition, 81 percent of U.S. security and IT executives said their employees are approved to install personal apps on work-approved devices.

Given the fact that personal and corporate data often are both present on a mobile device, Lookout recommends that organizations have a robust mobile management platform in place in order to be compliant with GDPR. Lookout also suggests that organizations have the tools in place to be able to take immediate action to mitigate risks to corporate data on mobile devices.