Two years after becoming law within the European Union, the GDPR (General Data Protection Regulation) became enforceable on May 25, 2018. Fundamentally, the GDPR is designed to give the European Union (EU) residents transparency, greater protection, and control over their personal data. Penalties for organizations who do not comply with the GDPR are very severe and as such, any organizations acting as data controllers and/or processors under the terms of the Regulation have been setting up readiness and compliance programs to ensure they comply with the new law.
An organization’s GDPR readiness program will consist of many and various elements, mostly concerning the implementation of new processes, legal reviews, operations, and audit practices. There are a number of specific articles of the GDPR where correctly implemented IT systems may play a significant role in an organization’s GDPR readiness. A digital workspace platform such as VMware Workspace ONE is an example of such a system. Workspace ONE is the industry’s first intelligence-driven digital workspace platform that enables IT to simply and securely deliver and manage any app on any device with modern management, insights, and automation. By delivering a digital workspace to end users, IT can improve data protection, control, and enable transparency across the data lifecycle. Workspace ONE has many management and security capabilities for users, devices, and apps that map to security and privacy use cases that can be relevant in a GDPR context.
Let’s take a look at 3 ways that Workspace ONE may help organizations to simplify data protection and privacy within a wider GDPR compliance program:
1. Controls and policies.
Workspace ONE is powered by AirWatch unified endpoint management technology, which means organizations can use the platform to securely manage devices ranging from iOS to Android, Windows 10 to macOS and Chrome OS, and even rugged devices. IT can configure what data is managed, collected and stored across all these different types of devices. For example, device phone numbers can be collected for corporate-owned iOS devices but not for employee-owned Android devices (which may be considered as personal data under the GDPR). Data loss prevention (DLP) commands, like enterprise wipe (the ability to be able to keep personal data, but erase only corporate information), can be applied to prevent data leakage. DLP and privacy controls can be set up with role-based access, restricting IT staff that don’t have the appropriate privileges from modifying policies that don’t adhere to company policy. The Workspace ONE Intelligence service gives IT insights and automation across the entire digital workspace of an employee, ultimately increasing overall security hygiene which can play a role in meeting the requirements of the GDPR.
2. Transparency
Transparency in how personal data is being processed is a fundamental tenet of the GDPR. Workspace ONE provides an explicit and dedicated privacy app that gives end users a clear and unambiguous picture of the information IT is collecting, not collecting, and how it is being used related to mobile device data. This is important in showing end users transparency and highlights how Workspace ONE plays a role in the protection of users’ personal data.
End users can also visit the whatisworkspaceone.com website to learn more about privacy related to the Workspace ONE platform and all of the Workspace ONE secure productivity apps, including VMware Boxer, Content Locker, Browser and People Search.
3. Privacy Consent Flows
Speaking of apps, we’ve improved privacy flows and how consent is handled to help make the data being collected even more transparent for the end user. A new privacy consent flow will occur when users set up Workspace ONE for the first time or go through an upgrade of the Workspace ONE app. The end user will be notified of what data is being collected by which app in Workspace ONE (see how this is implemented in VMware Boxer, for example), app permissions (such as access to contacts and calendar), and the employer’s privacy policy.
This flow has an opt-in or opt-out capability for sharing usage information, putting control of the end user’s data firmly into the hands of the end user. The flow will be embedded in both iOS and Android SDKs for Workspace ONE so that customers can leverage it for apps they’ve developed in-house using our SDKs.
By utilizing the data protection capabilities, privacy controls and modules, and transparency built into the Workspace ONE platform, organizations have the tools that can make the attainment of their compliance goals that much easier. The data protection and privacy capabilities of Workspace ONE can certainly play a significant role in an organization’s GDPR compliance activities. To learn more about VMware Workspace ONE, visit workspaceone.com.