The General Data Protection Regulation has been in force for almost four years. You have to keep this in mind when separating private and professional life. […]
Within the framework of the General Data Protection Regulation (GDPR), companies and users must be careful when it comes to processing personal data of third parties. We show what consequences this has for Apple devices.
Apple sees itself as a privacy-friendly company and clearly distinguishes itself from companies whose business model is the sale of data. Among other things, Apple is investing well over 50 million US dollars in the “Privacy on iPhone” campaign. As part of the campaign, iOS and iPadOS are also configured so that they ship with a high level of data protection from the factory. However, Apple also collects user location data, which allows conclusions to be drawn about user behavior.
Here, users have to make adjustments themselves and configure the respective apps and settings on iPhone, iPad and macOS for better data protection. This also includes Apple’s “App Tracking Transparency”: users must explicitly agree to the tracking of their data. In the App Store, apps must also show which providers they share data with. Here, too, users and companies should pay close attention to which apps they install. Some app manufacturers explicitly share data with Facebook and other social networks.
Especially for users who use iPhone, iPad and Mac both privately and for business, the separation of private and business data plays an important role in terms of data protection. If data of other persons is stored or processed, the protection of this data is particularly important. Another example is the strict separation of private and professional contacts. If you use WhatsApp, for example, there is a very big data protection problem. This is even more true if you also store professional personal data on the same device. But one thing is clear: anyone who separates private and professional contacts and other data must expect some loss of convenience in operating the iPhone, iPad and Mac.
Administrators in companies can also set guidelines to control how data is stored. Unlike on Android, it is not possible on iOS to create multiple users for data separation, but it is also not necessary. However, many external providers of such solutions, such as SecurePIM, follow a similar path and separate private and business data from each other via containers.
With iOS and iPadOS, administrators of private and professional devices can control which data and apps need to be specially protected and separated from each other. Apps that are installed, configured or managed on the devices via Mobile Device Management (MDM) are managed apps. These can be self-developed applications, but also conventional apps from the App Store. To achieve an optimal separation of private data, companies and professionals can hardly avoid a paid MDM solution. The disadvantage of these solutions: they are complicated to set up and manage, and not exactly cheap.
To create a data protection-compliant environment without these solutions, for example for compliance with the GDPR, the simplest method is to avoid apps with data protection problems, such as WhatsApp, or even to prohibit them through the company’s IT policy. For other apps, it must be possible to control exactly which data can be accessed. Companies and organizations that ignore this risk heavy fines.
To protect macOS, tools such as “iMazing Profile Editor” and ProfileCreator help. With iMazing Profile Editor, settings can be created and distributed centrally to iPhones, iPads and also macOS. The open source tool ProfileCreator offers similar functions and is even available completely free of charge.
Tools such as iMazing Profile Editor and ProfileCreator can help separate professional and personal data.
Of course, the tools require a lot of training, but after the changeover, professional and private data can be separated more easily. The tool can also be installed on Windows machines. The tools work together with the Apple Configurator 2 to better separate data on end devices.
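The kind of configuration profile these editors produce, and the managed/unmanaged separation described above, can be sketched as follows. This is an added example, not taken from the article or from either tool: it builds a restrictions payload with Apple's documented `com.apple.applicationaccess` keys and audits a profile for missing or permissive separation settings. The identifier `com.example.separation`, the display names and the weak sample profile are constructed placeholders.

```python
import plistlib
import uuid

# Restriction keys (payload type com.apple.applicationaccess) that keep managed
# (business) data apart from unmanaged (private) apps, with the strict value.
SEPARATION_KEYS = {
    "allowOpenFromManagedToUnmanaged": False,       # business documents stay out of private apps
    "allowOpenFromUnmanagedToManaged": False,       # private documents stay out of business apps
    "allowUnmanagedToReadManagedContacts": False,   # private apps cannot read business contacts
    "allowManagedToWriteUnmanagedContacts": False,  # business apps cannot write private contacts
    "allowManagedAppsCloudSync": False,             # managed apps do not sync to iCloud
    "forceAirDropUnmanaged": True,                  # AirDrop counts as an unmanaged destination
}

def _payload(ptype, ident, name, **extra):
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadDisplayName": name, **extra}

def build_profile(settings=SEPARATION_KEYS, ident="com.example.separation"):
    """Return .mobileconfig bytes; identifier and names are placeholders."""
    restrictions = _payload("com.apple.applicationaccess", ident + ".restrictions",
                            "Business/private separation", **settings)
    return plistlib.dumps(_payload("Configuration", ident, "Data separation (example)",
                                   PayloadContent=[restrictions]))

def audit_profile(data):
    """Return the separation keys that are missing or set to the permissive value."""
    merged = {}
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            merged.update(payload)
    return sorted(k for k, want in SEPARATION_KEYS.items() if merged.get(k) is not want)

# Constructed weak profile: one key permissive, one strict, the rest missing.
WEAK_PROFILE = build_profile({"allowOpenFromManagedToUnmanaged": True,
                              "allowOpenFromUnmanagedToManaged": False})

if __name__ == "__main__":
    print("strict profile gaps:", audit_profile(build_profile()))
    print("weak profile gaps:  ", audit_profile(WEAK_PROFILE))
```

The bytes returned by `build_profile` can be written to a `.mobileconfig` file and opened in a profile editor for review. These restrictions only take effect for apps and accounts that the device treats as managed.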
Of course, users cannot operate their own MDM solution just to use their own iPhone in compliance with data protection regulations. This is the central task of the company. If necessary, users need a separate iPhone for professional use, on which only the business data is stored. But there are some apps that solve the problem. SecureContact X Professional, for example, separates professional and private contacts from each other. This way, WhatsApp can be used on the iPhone without the messenger service being able to read out professional contacts. However, the use of WhatsApp is very difficult from a data protection point of view. Companies should seek legal advice here. Professional users who store professional contacts on the iPhone and use WhatsApp privately can hardly avoid the use of such a solution within the framework of the GDPR.
Users must protect not only professional contacts and e-mails, but also various documents. The best protection is not to store professional data on the iPhone, iPad or Mac, but to work with online versions of the office programs, and to store professional data in the corporate network or the corporate cloud. Data that is not stored on the iPhone also does not need to be protected. Since smartphones are connected to the Internet and the cloud in most cases anyway, data can be accessed online, and offline access is usually not necessary. Microsoft, Google and other providers offer enough solutions in this area.
Companies that do not want to entrust their data to cloud providers can also operate their own servers, or rely on a private cloud solution with cloud services such as ownCloud or Nextcloud. There are enough apps and options for ownCloud to store documents not on the iPhone, but directly in your own cloud, protected by authentication. Otherwise, you can rely on cloud storage from the EU, since here the data is stored in European data centers.
Solutions such as Cortado enable the separation of professional and private data. The solution can be tested for free for 14 days and protects iPhones and iPads equally. With Cortado, admins in companies can control exactly which apps can be used on the company smartphones. In addition to iOS and iPadOS, Cortado also supports Android. In parallel to the data protection functions, it is also possible to delete data from devices remotely with Cortado.
Another solution in this area is Jamf. This MDM system can also be tested for some time, but is also more aimed at professionals who have to manage multiple devices. Companies that rely on Microsoft 365 can use mobile device management functions on various bases to secure and manage users’ end devices. In addition to functions of the mobile operating systems and macOS, applications can also be managed, for example corporate apps or Microsoft Office apps. The MDM features in Microsoft 365 also support Android as well as iPhone/iPad. In Microsoft 365, you can delete all data from a smartphone/tablet, but also selectively delete only the company data. This is ideal for environments with bring-your-own-device approaches. The setup of MDM in Microsoft 365 takes place via wizards in the Microsoft 365 Admin Center.
In addition to securing professional contacts and emails via apps, or working with online apps, it is also important that the browsers used are secure and either do not allow the sharing of data or allow it only in compliance with the GDPR. If sharing is necessary, it should take place only in a secure manner.
Examples are Firefox Clear, Brave Private Internet Browser and Onion Browser. The browsers protect the end devices and prevent tracking quite reliably.
With the Apple Configurator 2, users can improve data protection on iPhones and iPads even without an MDM solution by configuring manually what MDM solutions do automatically in larger companies. The app is offered free of charge and is aimed mainly at smaller companies, professional users or educational institutions. Apple offers the Apple Configurator via the Mac App Store. The software can be used to set up iPhones, iPads, iPod Touch and Apple TV.
A significant innovation are the “blueprints”. These are templates that you can use to manage and control your different types of devices. You can use existing templates or create new ones to distribute different profiles, settings or configurations. Create a blueprint for each device or deployment type. It bundles all the settings of the devices. This is useful, for example, to manage various settings and apps for iPhones, iPads and iPods. As part of the setup, Apple Configurator 2 can also be connected to a Mobile Device Management (MDM) server. (Macwelt)
*Thomas Joos is a freelance IT consultant and has been working in IT for 20 years. He writes practical textbooks and publishes in numerous IT publications such as TecChannel.de and PC world.