Europe more ‘sceptical’ around BYOD with GDPR threat looming, warns Strategy Analytics

Appstechnews.com

The UK, alongside France and Germany, remain ‘sceptical’ around bring your own device (BYOD) and its impact with General Data Protection Regulation (GDPR), according to a note from Strategy Analytics.

The company has put together a new report which polled 1,200 IT decision makers across nine vertical markets in the US, UK, France and Germany. According to the research, 10% of companies polled expect personal-liable tablets to decrease over the coming year, citing security concerns, while nearly a third of organisations do not manage corporate information on personal devices.

The US has the largest market for personal-liable devices with SMB adoption of BYOD ‘strong’ in the US compared to Europe, Strategy adds, while corporate-liable devices dominate in Europe for both SMB and corporate environments.

GDPR, which takes effect in May 2018, will force companies to tighten up their data processes. As Ian Moyse, board member of the Cloud Industry Forum, wrote on sister publication CloudTech, the law stipulates that “any business that operates in the EU or handles the personal data of people that reside in the EU must implement a strong data protection policy to protect this client data.”

In other words, having a plethora of personally liable mobile devices in tow could spell trouble.

“When GDPR comes into force in 2018, it is going to have a significant impact on BYOD growth,” said Gina Luk, Strategy principal analyst of mobile workforce strategies. “Companies cannot reasonably believe that they are providing adequate security for personal data unless it can demonstrate that it has implemented appropriate EMM (enterprise mobility management), containers, controls and procedures, to ensure separation of business data from personal data on the device.”

This is a point which has been backed up by Nick McQuire, VP enterprise at analyst firm CCS Insight, while MobileIron set out its view on the importance of EMM for GDPR compliance. “A controller – i.e. enterprise – cannot reasonably believe that it is providing adequate security for personal data unless it can demonstrate that it has implemented appropriate EMM controls and procedures to ensure separation of business data from personal data on the device, and to protect that business data from external threats and unauthorised use or disclosure,” the company wrote.