Data Protection Thanks to Mobile Device Management


RMD Wasserstraßen GmbH uses Cortado Server for data-protection compliant administration of its employees’ iPhones

RMD Waterways is an independent subsidiary of the Rhein-Main-Donau company, responsible for the construction of Germany’s Rhein-Main-Danube canal. Since then, the 130 highly-qualified employees have concentrated on waterway construction and flood protection and have made the company one of Europe’s leading companies in these fields.

For RMD Waterways, the EU’s General Data Protection Regulation, which came into force into 2018, was an important date for which it had to prepare. Up until then, some employees worked with unmanaged iPhones. This posed a significant risk to data security.

A MDM system was needed

It was now clear that a mobile device management system was needed to meet all the requirements associated with GDPR.

Richard Karmann from the Finance, IT, Administration & Auditing department recalls: “As part of our GDPR preparations, we looked at three systems, including MobileIron and Cortado, and received quotes. Additionally, we worked closely with our data protection and IT security colleagues”.

A decision was made, and Cortado Server from Cortado Mobile Solutions was selected. Richard Karmann: “The Cortado solution fulfilled all of our wishes. Additionally, a Cortado consultant was at our side to answer all our questions”.

In the meantime, 42 iOS devices are in use at RMD Waterways. In addition to project managers, it is mainly IT staff, department heads, and management who use the company’s own devices.

Apps under control

An important task is that together with the data protection officer and the IT security officer, the IT department decides which apps are allowed on a whitelist and ultimately on the devices. These include apps that are needed for work and on construction sites, such as a weather app, Adobe Reader, a petrol station app, a mapping app, a flood app and a news app for example.

What is also allowed is WhatsApp. In this case, data protection compliance is guaranteed because access to the company’s Exchange contacts is prevented using Cortado MDM for WhatsApp.

“Before the implementation of the MDM system, employees could install whatever they wanted,” recalls Richard Karmann. This changed when GDPR came into force. According to the IT expert, this was no longer possible without the danger of violating the new laws. “There was an outcry from some as some of their apps were gone, but that couldn’t be avoided.”

Now the IT department makes a note of requested apps requests, which are then checked by the data protection officer. Richard Karmann continued “Without this check, it’s not possible if we wish to work in compliance with the data protection law”.


“We’re fully satisfied with the Cortado solution and enjoy working with it. And with the support of Cortado, we have managed the changeover extremely well,” said Richard Karmann.

Download Case Study (PDF)