Having been known to use the odd three-letter acronym (TLA) throughout my career, I really should know the difference between an acronym and an initialism, shouldn’t I? But do you?
The technology industry loves a good abbreviation – take GDPR, the new kid on the block. By now everyone knows that the General Data Protection Regulation, or GDPR, will overhaul how businesses process and handle data. In less than a year, Europe's data protection rules will undergo their biggest changes in two decades. The primary objectives of GDPR are to give EU residents control of their personal data and to limit what personally identifiable information can be collected and processed. My colleague Jean-Frederic Karcher looked at the impact GDPR will have on your company in this blog, but do you know how it will affect your mobile workers?
In light of GDPR, organisations need to consider how to handle data held on mobile devices and their associated security policies. Unified endpoint management (UEM), enterprise mobility management (EMM) or mobile device management (MDM) solutions are an important part of a GDPR-compliant security program. To avoid any more alphabetti spaghetti, I will refer to these solutions simply as MDM from now on.
GDPR applies to any data that could potentially identify a specific individual, such as place and date of birth, mother’s maiden name and medical history information. Many of today’s corporate devices are also used by employees for personal activities, and with data stored in many applications on smartphones, tablets and laptop devices, it’s important that personal data required by the business is protected from external threats and unauthorised use or disclosure.
Though GDPR does not prescribe specific technical implementations, the good news is that MDM tools can ensure that personal data is protected. With MDM it’s easy to implement the controls and procedures that prevent users from downloading sensitive organisational data, and to remove corporate data if the device is lost or stolen.
An MDM readiness plan for GDPR should address the following key compliance features:
Privacy by design – segregating corporate data from personal data to establish a clear boundary between personal and business data on the device, so the enterprise does not have access to personal apps, content or email accounts.
Extensive logging and audit functionality with reporting – this is very helpful in determining what actions took place leading up to a data breach, as well as meeting the GDPR requirement of reporting a breach within 72 hours of discovery.
Maintaining data security – on the device as well as the network.
Enforcing data encryption – this secures all data at rest and in motion on your devices.
Enforcing data loss prevention (DLP) controls – these enable you to selectively wipe confidential data on a lost device and ensure that business apps on a device cannot share data with unauthorised apps.
Maintaining the integrity of the mobile operating system.
Only by implementing these steps can you be confident that your mobile workers aren’t putting your organisation at risk.
Oh, and if you still haven’t googled the difference between an acronym and an initialism, there is a key difference. An acronym is an invented word made up of the initial letters or syllables of other words, like LAN, RAM or POP. However, an initialism is a type of acronym or abbreviation consisting of initial letters that cannot be pronounced as a word, but must be read letter by letter, like MDM and GDPR.
Bonus question: Is Wi-Fi an acronym or not?