Rise of BYOD hampering GDPR compliance efforts

DataIQ News

The rise of employees using their own devices for work purposes - so-called "bring your own device" (BOYD) - is making it difficult for businesses to prepare for the incoming GDPR legislation because staff are not using company channels to ensure the way they handle information is sufficiently secure.

A study by M-Files has found that a third (33%) of employees are now using their personal devices rather than business equipment to access and share company information, while 31% are using personal cloud services without the go-ahead from company IT departments.

“Going against company policies on sharing and accessing documents may seem relatively harmless, but it can have costly consequences, leaving organisations exposed to heightened security risks and compliance issues," said Julian Cook, VP of UK business at M-Files.

"With GDPR on our doorsteps it’s critical that organisations maintain control and visibility of their documents and information handling practices."

The survey questioned 250 IT decision makers about how they are protecting data in their organisation and it was revealed that 23% of those businesses had experienced at least one security breach in the past year because employees were not sticking to the company-wide data security policies.

“The 'shadow IT' problem can be fought on two fronts. As a first step, organisations should implement and continuously reinforce a clear policy on the use of personal devices and file sync-and-share apps as well as communicate to staff the impacts of not adhering to these guidelines, which can negatively impact the company," Cook advised.

"But perhaps more important is understanding and addressing the root causes of shadow IT, which in most cases points to deficiencies in existing information management solutions and approaches."