GDPR and BYOD – two new acronyms crucial for employers

In 2017 most organisations benefit from at least some employees being able to access business information on the move. Smartphones provide facilities that can be invaluable for efficiency, time-tracking, navigation, photo evidence and event ticketing to mention just a few. In the UK a third of all employees now use personal devices rather than business equipment to access and share business information. But that invariably means employees having access to personal information and that will be regulated by the General Data Protection Regulations (GDPR) due to come in force in May 2018. Businesses need a Bring Your Own Device (BYOD) to work policy now.

It is inconceivable that businesses can afford to regress five years and ban the use of personal devices for work related tasks.

Why you need that BYOD policy:

  • Banning use of personal phones will diminish productivity, demotivate employees and could affect retention
  • Buying company phones may be an investment but then will you let employees hold personal data on the phones? Phones are now heavy; carrying two may not be popular.
  • Many employees are putting company data on their phones and putting security at risk
  • Many employees are putting personal data on their phones and putting their employers at risk under the forthcoming General Data Protection Regulations (GDPR)
  • These activities could be happening in an unregulated manner sometimes without the employer or employee realising.
  • Who owns personal contacts?
  • Who owns the “apps”?
  • Is your data secure? Do you have the authority to ensure that it is?
  • What happens when an employee leaves?
  • Will employees have access to a virtual private network – great for efficiency, poor for security.
  • Does an employee’s children have access to the device?
  • What happens if and when the employee leaves?
  • What sanctions are available in event of wrongdoings?
  • What about well being – should your employees have undisturbed time – or can you call them at midnight?
  • Have you worked out how your practices will comply with GDPR?

Contact Employer Solutions for a dynamic online policy that will be updated as further guidance becomes available from the Information Commissioner’s Office (ICO) and finalisation of legislation.

Malcolm Martin FCIPD

Author Human Resource Practice.

Training Courses

Click here to register for one of our Training Courses.