June 18, 2018

GDPR compliance made easy with Samsung Knox

Samsung Knox News


With GDPR compliance rules in effect as of May 25th, 2018, many businesses have changed their processes to ensure that they don’t violate the new data storage and protection regulations concerning European personal data. As an industry leader in data protection, Samsung Knox can complement your GDPR compliance activities. Let’s take a look at some of the security features in Samsung Knox devices and cloud services and how they are relevant to specific GDPR articles.


Prevent accidental data leaks

GDPR mandates stricter data processing and protection rules for European personal data. If your business accidentally loses European consumer data due to improper data processing or security procedures, your business will still be liable.

Let’s examine a potential use case:

Company ABC issues mobile devices to all employees, including those working in their European offices. The IT admin has installed a special Contacts app that allows the ABC sales staff to quickly reach its European customers in case of system outages. The IT admin recommends that its sales staff set a secure password unlock method on the device, but has no actual method of enforcing this recommendation.

James is a new employee at ABC. He just received his work phone and has not yet set up a lock screen for it. While riding the subway on his way home, James is robbed and loses the phone. Since the phone was not yet locked, the thief would now have access to the names, phone numbers, and addresses of all ABC customers through the Contacts app on this unsecured device.

Under GDPR regulations, is ABC at fault? Yes! If European consumer personal information is part of the data set that James’ unlocked mobile phone contained, then ABC would be in violation of GDPR for losing or misplacing the phone and for not encrypting the phone.

ABC didn’t intentionally provide client information to an unauthorized third party, but ABC would still be at fault. ABC violated GDPR Article 5(1f) which states that when managing data, companies should include protection “against accidental loss, destruction or damage, using appropriate technical or organizational measures.”

ABC could have prevented this incident by having a proper mobile device management and security system in place. For example, if ABC were using an Enterprise Mobility Management solution such as Knox Manage, the IT admin could’ve deployed a policy to enforce device unlocking rules.


Ensure that the right people access the right data

To further reduce the possibility of human error, Samsung Knox cloud products also allow enterprises to designate different tiers of admins with different levels of permissions. GDPR Article 32(4) states that anybody “who has access to European personal data must only process it under instructions from the controller.” This means that if you have more than one IT admin at your organization, you need to have a formal system in place to ensure that only certain admins can access customer data.

For example, if your business distributes work phones to all of your employees, a single IT admin may not be able to manage the entire device enrollment and configuration process. Samsung Knox Mobile Enrollment and Knox Configure both provide a hierarchy system for IT admins. The lead IT admin can create a tenant for your business and grant permission to only a select group of trained IT admins to access the system and update policies as required.


Comply with requests to access data

If your company is reselling Samsung’s solutions or you are managing devices using one of these Samsung products, your customers can contact Samsung to request data exports or to have their data erased.

As a large global organization, Samsung understands that even though a business could be located on one continent, its clients could be located anywhere from Guatemala to Greece. Samsung Knox’s suite of enterprise cloud products complies with GDPR regulations in all regions. If your Asia-based business has clients in France and those clients want to remove certain email addresses from their Knox Configure tenant, simply contact Samsung and the team will be happy to help you out with this request.


For more information