On May 25th 2018, the European Union (EU) started enforcing new rules regarding the data privacy of European residents. These rules differ significantly from the previous Data Protection Directive 95/46/EC. Some of the new rules include:
- Privacy by design is now a legal requirement. Data protection measures must be an integral part of systems designs rather than a feature that is added later on.
- European residents now have the right to request access to their personal data that businesses store, collect or process.
- When requested by the individual, a business must remove all personal data associated with that individual.
- Violation of GDPR rules can lead to a fine of up to 4% of a business’s annual global revenue or €20 million, whichever amount is greater.
- GDPR applies to businesses that process EU residents’ personal data, even if those businesses are located outside of Europe.
For more detailed information, see GDPR Key Changes.
Penalties for violating GDPR policies can potentially be very severe. Depending on your enterprise’s current operations, you may also find that you need some time to establish policies. For example, you may need to hire a dedicated Data Protection Officer.
Here is a checklist to help your business get started:
Evaluate your existing data protection measures
Do you have processes and data protection policies in place for both mobile and desktop users? Is your security system certified by relevant government and industry regulators? Do you meet industry standards (e.g., ISO)? If not, consider an enterprise security solution such as Knox Platform for Enterprise to help manage and protect data on mobile devices. Samsung Knox also meets security requirements set by governments and major enterprises around the world, including the US Department of Defense.
Confirm that you can export and remove customer data
If you are a product reseller or use third-party tools, it’s especially important to ensure that you handle all EU personal data in a GDPR-compliant fashion. Even if your business operates outside of the EU and the companies that produce these third-party tools aren’t located in the EU, your business will still have to comply with GDPR regulations.
Samsung enterprise products such as Knox Workspace, Knox Configure, and Knox Mobile Enrollment are fully committed to adhering to GDPR regulations and providing consumers with an easy way to request access to their data and to remove data if necessary.
Establish customer service escalation paths
Depending on your customer support infrastructure, you may wish to create separate email addresses or contact forms for GDPR requests. Once users request to view their data or to have their data erased, businesses have 60 days to comply, so it’s important that GDPR-related communication reaches the proper individuals.
Opportunities for businesses
Differentiate through GDPR communication
While it may seem daunting to comply with new regulations, GDPR can be an opportunity for your business to differentiate itself amongst competitors. Ensure that you make it easy for consumers to contact your business for privacy concerns. Be transparent about how consumers can access their data and submit GDPR-related requests. Be seen as an industry leader in support of consumer privacy instead of a reluctant follower.
Boost security policies
With these new regulations, data privacy will be at the forefront of users’ minds. If your business involves mobile communication and you’re using enterprise services that aren’t industry-approved, your customers will notice. Samsung Knox holds certifications from many organizations, including Common Criteria, FIPS 140-2, and the US Department of Defense. While you review operations and make changes to the way that you protect and store data, take the extra step to ensure that your business is using a robust mobile security solution.