In Compliance with the GDPR
Secure and GDPR compliant work on your smartphone and tablet computer with SecurePIM
The EU General Data Protection Regulation (GDPR) is a European Union regulation which aims to harmonize the rules concerning the processing of personal data by private companies and public bodies across the Union.
The amount of personal data downloaded, saved or processed on smartphones and tablet computers is constantly increasing, which is why this information should be appropriately protected on said devices. In addition, the GDPR requires that companies be able to prove their implementation of protection mechanisms to secure personal data on their mobile terminal devices.
Appropriate technologies and default settings promoting data protection must be guaranteed. This means that adequate technical and organisational measures (TOMs) must be implemented.
With SecurePIM, you will be in line with the following important principles underlying the EU General Data Protection Regulation:
- Data security, data integrity
- Data encryption
- Protection of privacy
- A state-of-the-art solution
- Separation of corporate and personal data
The solution is easy to install and can be integrated into your existing infrastructure. You don’t even have to manage the device.
What does the GDPR require from companies and public bodies?
In addition to documentation and information obligations and the principle of data minimization, companies’ IT departments must operate in compliance with the EU General Data Protection Regulation. What does that mean exactly?
There must be evidence of the protection mechanisms in place
Companies must be able to prove that they have implemented appropriate protection mechanisms to protect the personal data of their clients, business partners and staff on mobile terminal devices. Detailed evidence of the protection mechanisms applied must be kept on file, and the related documents must be continually updated, even when no incidents have occurred.
Measures for appropriate data protection
Among other things, Article 5, paragraph 2 sets forth the integrity and confidentiality of the data. This can only be achieved by segregating corporate and personal data and applications on mobile terminal devices. This is the only way to reliably protect corporate data from third-party threats and from unauthorized use or dissemination.
In addition, Article 32 requires that precautions be taken to protect the data themselves, e.g. by means of encryption. These provisions are fulfilled if corporate data and applications are located in an encrypted container, and if all communication between the mobile terminal device and the company’s IT department is encrypted throughout.
This also makes data protection impact assessments as defined in Article 35 easier. If the data are not strictly segregated on the device, such impact assessments will not permit the evaluation of the protection of personal data, resulting in non-compliance with the GDPR.
Data protection by means of the correct technology
In accordance with Article 25, appropriate technologies and default settings promoting data protection must be guaranteed. This means that adequate technical and organisational measures (TOMs) must be implemented.
- Clear segregation of personal and corporate data on the device.
- In the Management Portal, the administrator predefines which devices are enrolled, which data each device may access, and which security provisions must be respected.
- The IT administrator can also set additional tailored security rules for compliance (e.g. not allowing the copying of data outside the container) and define countermeasures to be applied in the event of applications no longer meeting the defined prerequisites.
- The data are also protected from unauthorized third-party access because the container will automatically lock in the case of a jailbreak attack, for example, or it can be locked and deleted by the administrator if a device is lost.
Trust SecurePIM – If you get fined, you will get a refund!
Thanks to SecurePIM, you can work securely on mobile terminal devices and fulfil the provisions set forth in the EU General Data Protection Regulation. It is very simple!
We promise that the encryption in the SecurePIM containers is sufficiently effective to provide a “level of security appropriate to the risk” as defined in Article 32 of the EU General Data Protection Regulation (GDPR) for personal data. This means that a German supervisory authority cannot fine companies implementing SecurePIM in accordance with Article 58, paragraph 2 i), in relation to Article 83 of the GDPR. However, should you be fined despite using SecurePIM, we promise to refund the full amount paid for an annual license. *)
*) To obtain this refund, the following requirements must be fulfilled:
- The latest version of SecurePIM was in use.
- Sufficient security rules were implemented by the licensee.
- The fine was imposed by the German supervisory authority in charge of ensuring compliance with the EU General Data Protection Regulation (GDPR) (cf. Article 51 ff. GDPR).
- The non-compliance was due to the design and implementation of SecurePIM’s encryption, for which Virtual Solution, as the manufacturer of the product, is liable, and not e.g. the result of the licensee’s (lacking) organisational rules that would have enabled the circumvention of barriers set up by SecurePIM (e.g. because sharing PINs was not prohibited).