What is GDPR?
General Data Protection Regulation or GDPR impacts the European Union (EU) and limits the ability to store, collect or process third-party, corporate or personal data. The short of it is, this gives data subjects more protection and allows them the “right to be forgotten" meaning the data subject has the ability to have their personal data removed if they don’t want it processed anymore.
The regulation goes into effect on May 25, 2018.
Who does GDPR impact?
GDPR affects all companies within the EU, and also all companies outside of the EU that market to or do business with individuals or organizations in an EU country.
Organizations within the EU must also protect their employee, customer and partner data.
What happens if you don’t meet GDPR compliance?
Aside from the potential fallout with customers, employees and business partners, organizations are subject to substantial fines — upwards of $20 million.
How can you meet GDPR and remain compliant?
After you consult your legal or security team, here are four steps you can take:
- Discover: Identify what personal data you have and where it resides.
- Manage: Govern how personal data is used and accessed.
- Protect: Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.
- Report: Keep required documentation and continuously review and update your data protection policies and practices.
How can Jamf help with compliance?
For organizations and their IT administrators that must adhere to GDPR compliance, Jamf offers Apple device management capabilities to help ensure your managed Apple devices check each of the compliance steps listed above.
Jamf can collect an endless amount of inventory data to create a detailed view of your environment, including hardware, software and security settings. This creates an inventory and security baseline that IT can compare against. With a clear picture, IT can then take immediate action to ensure devices are current and in compliance.
If a vulnerability is discovered, IT can send a command to the device(s) in question and remediate the issue. Taking that a step further, Jamf offers patch management capabilities that automate the patching of out-of-date software.
Apple’s devices are designed with encryption in mind. iOS enables full disk encryption when a passcode is enabled. macOS has full disk encryption built into its native security tool, FileVault. Admins using Jamf can enforce strong passwords across all iOS devices and ensure FileVault is turned on for all Macs under management.
If a device is ever lost or stolen — putting GDPR compliance in jeopardy — IT can leverage Jamf to send a command that remotely wipes and resets the device.
Audit reporting is key to ensuring all of your devices remain in compliance. Jamf allows you to report on which management settings or policies are applied to each device and track what, if any, changes have been made.
To avoid any gotchas that GDPR compliance may present, we created the below video to help put your mind at ease and provide a more detailed look at some of the ways Jamf can help. Keep an eye on the Jamf blog and Jamf Nation throughout May for more information.