For companies, 2018 is all about the EU General Data Protection Regulation (GDPR): the entire processing of personal data must be scrutinised. A hitherto underestimated risk comes from the mobile phones of their own employees: company contacts transferred to the smartphone can mean a massive violation of the GDPR.
Munich, 8 January 2018. Mobile work plays an increasingly important role in companies all over Europe. To access business contacts outside the office, many employees synchronise their address book with their smartphone. "What seems to be practical and harmless is actually extremely risky," warns Andreas Peter, data protection coordinator at the German Unified Communications manufacturer C4B Com For Business.
The background: numerous apps, such as messenger services, read the entire address book and transfer the data to foreign servers. Companies that do not prevent this practice commit a massive breach of privacy. Thus, for example, the Bavarian State Office for Data Protection Supervision comes to the conclusion that WhatsApp cannot be used on business mobile devices in compliance with data protection regulations, since unauthorised collection and processing of personal data should always be assumed. With the EU General Data Protection Regulation, which comes into force on 25 May, companies face significantly more severe sanctions for such an infringement. At the same time, the new transparency and information requirements increase the sensitivity of consumers.
"Of course, companies can try to technically prevent the installation of services such as WhatsApp or Facebook with rigid protection mechanisms," explains Andreas Peter. The drawback: this strategy only works if only company mobiles are in use. In BYOD scenarios, however, it is practically impossible for organisations to ensure that no third party application accesses company data. In addition, contact data replicated hundreds or thousands of times on employee mobiles can hardly be protected against malware, loss or theft.
"The much safer alternative is a centralised directory service," says Andreas Peter. In a directory service, the contacts from a variety of applications such as Outlook, ERP or CRM systems can be bundled. The contacts are stored centrally on the company server and are therefore protected at all times by the firewall. With its Unified Communications software XPhone Connect, C4B offers a solution that includes a central directory service and an app that gives employees flexible access to company contacts. "No data is stored on the smartphone itself," explains Andreas Peter. "This not only eliminates access by third-party applications. The data is also protected in case of loss or theft of the smartphone. And employees can still use their favourite apps."
With the use of a UC solution, companies can ward off another danger at the same time: business communication via WhatsApp. "Anyone who communicates quickly and conveniently all the time via chat in their private life may find it hard to do without in the office," says Andreas Peter. Indeed, messenger services are also frequently used for business purposes, although the sending of personal data via WhatsApp represents a grave breach of data protection regulations. With the help of a UC solution, this communication can be relocated to a secure platform: if the UC software offers its own chat function, it can be ensured that all content is stored on a company-owned server in compliance with data protection regulations.