To comply with GDPR, companies need to regulate employees' mobile devices