Skip to content
LegalVision UK

Three Data Protection Issues Arising From Personal Mobile Use in the Workplace in the UK

Avatar photo

By Thomas Sutherland

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Table of Contents

Using personal mobile phones in the workplace has become commonplace. In the UK, most of the working population owns a smartphone, and many use this device to access work-related emails, files and applications. However, using personal mobiles in the workplace raises several data protection issues that your business needs to understand. This article will outline three key data protection issues arising from using personal mobiles in the workplace, so your company can take practical steps to protect its interests.

1. Lack of Data Control

One data protection law issue arising from using personal mobiles in the workplace is employers’ lack of control over the device.

When your staff use their smartphones for work-related purposes, you have limited control over their device. If they lose their smartphone or it is stolen, your business may struggle to secure the work emails and stored data.

Your business is responsible for securing personal data under data protection legislation (such as the Data Protection Act 2018). Therefore, if an employee uses their smartphone to access work-related information, you are responsible for protecting that data.

Additionally, the General Data Protection Regulation (GDPR) sets out strict requirements for the processing of personal data, which include:

  • processing personal data lawfully and fairly;
  • ensuring that personal information is obtained and stored proportionately and transparently; and
  • putting appropriate security measures in place to protect personal data.

Any failure to comply with GDPR rules can result in hefty financial penalties from the Information Commissioner’s Office (ICO) of up to £17.5m.

To mitigate this risk, your company should have clear written policies outlining the acceptable use of a personal phone in the workplace. In addition, these policies should include guidelines for the security of data stored on smartphones and outline the procedures staff should follow in case of a lost or stolen device.

2. Mixing Personal and Work Data

Another data protection issue arising from using personal mobiles in the workplace is mixing personal and work-related data. When employees use their personal mobiles to access work-related data, it can be difficult to separate it from personal data stored on the device.

Mixing personal and work data can lead to data protection issues, particularly if the device is lost or stolen. In these cases, it may be challenging to determine which information is personal and which is work-related. Accordingly, this makes it difficult to protect sensitive data.

You can mitigate this risk by encouraging staff to keep personal and work-related data separate on their smartphones. Your business can achieve this through mobile device management (MDM) software, which allows employees to create different containers for personal and work-related data on the device.

However, some employees feel that MDM software is intrusive and is a potential invasion of privacy. This means that it is not a one-size-fits-all solution.

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

3. Employee Privacy Issues

Using personal mobiles in the workplace can also raise issues with staff privacy. Companies have a responsibility to respect the privacy of their staff, including the confidentiality of personal data stored on their smartphones.

One issue is that when staff use their personal smartphones to access work-related data, there is a potential overlap whereby your business may access personal data on that device. This could include private emails, text messages and photos unrelated to work.

You can seek to manage this risk through written policies that outline the circumstances under which your company can access personal data on an employee’s smartphone. You should communicate these policies to employees, who should be allowed to consent for personal data access in specific circumstances.

A commonly written policy is a bring-your-own-device (BYOD) policy. A BYOD policy seeks to set boundaries on using personal devices for work purposes. Additionally, it outlines security rules, such as ensuring strong passwords and encryption use.

Key Takeaways

Using personal smartphones in the workplace is a common practice in the UK. However, this practice raises several data protection issues, including a lack of control over work-related data and a potential invasion of staff privacy. You can address these issues through effective written policies and mobile device management software. Many business owners obtain expert legal advice to ensure that personal data is kept secure and their company fully complies with all relevant data protection requirements.

If you need help ensuring safe personal mobile use in the workplace, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.  

Frequently Asked Questions

Why does the GDPR not mandate that businesses provide work phones?

The GDPR acknowledges that some businesses lack the funds to provide smartphones to all staff members but may still wish individuals to work on the move.

How common are personal smartphones in the UK?

The vast majority of the working population has a smartphone. Current projections predict that there will be 65 million active smartphone users in the UK by 2025.  

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

4 Common Challenges Your Company Will Face With the GDPR in the UK

Are CCTV Systems Safe for My UK Business to Use Under the GDPR?

Are Email Disclaimers Mandatory for UK Businesses Under the GDPR?

Do GDPR Rules Cover My Company’s Telephone Conversations in the UK?

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards