I'm aware that some apps collect data from other apps and often these data are private data. These data can and will be stored "somewhere" in the world - and eventually sold or exchanged with even more "data collectors" for all kind of purposes (marketing, crime, fraud and hacking). As you (acc. GDPR) have to describe how your protect private data from being distributed - outside your company, you will need a secure setup on your mobile devices.
On a private smart phone (BYOD) or corporate phones with private user profiles, users are making private backups of smart phones - with all smart phone data. When an employee ends his career at a company, these data will still be available on the private backup- and can be restored into a new smart phone.
How do you avoid these situations?
With BYOD devices (Bring Your Own Device), the challenges are even more complex. Often the users do not want two smart phones to handle and often they like to use their private smart phones for work.
To me the solution is quite simple. Use corporate smart phones and allow private data outside a corporate container on the smart phone with business apps only..... BUT that's (with my experience) not how the companies / organizations are handling the smart phones challenges.
What's your experience ?