As a UK business owner, you know that data protection compliance matters. Every UK company owner knows the Information Commissioner’s Office (ICO) can fine UK organisations up to £17.5m. However, some business owners overlook that asking staff to use personal mobile phones to make business-related calls can be a data protection offence. This article will explore the potential disadvantages of asking staff to use their personal mobile phones. This should allow your business to avoid falling foul of the General Data Protection Regulation (GDPR) and facing a potential ICO fine.
What is the GDPR?
The General Data Protection Regulation (UK GDPR) is a critical law providing data protection rules for UK businesses. The GDPR focuses on the use and handling of ‘personal data’. Personal information includes all data which you can use to identify an individual.
It is important to note that personal phone numbers and email addresses constitute personal information, meaning you must handle them according to GDPR rules.
Any business that forces staff to disclose their personal information to third parties and consumers without exceptional reasoning is likely to have breached the GDPR. For example, the ICO has not typically taken kindly to UK companies asking employees to make business calls on their own mobile phones.
Does the GDPR Ban Personal Phones for Business?
The short answer to this question is ‘it depends’.
While the GDPR does not provide an outright ban on using personal mobile phones for business purposes, it does set limits on their use. The aim of limiting personal mobile use is to achieve two things:
- avoiding employees’ personal data getting into the hands of third parties; and
- ensuring customer data and third-party information cannot be stored and saved by staff outside your computer system.
Let us explore scenarios where your business should and should not ask employees to use personal mobile devices below.
When Can I Ask Staff to Use Personal Mobiles?
Your business will ensure compliance with data protection rules if it asks staff to use their personal mobile phones in a way that protects their information.
The most obvious example of mobile phone-related personal information is the mobile phone number itself. For this reason, many businesses ask their staff to block their number when calling individuals for business purposes. Individuals can do this within the settings of most smartphones or, where this is not possible, by calling through a specific number.
However, businesses know that many individuals do not answer calls from ‘unknown’ or ‘withheld’ numbers, so this is not always feasible. In such cases, companies can ask their staff to use an app that provides an alternative telephone number. These systems usually work by having the individual log in to another phone through their personal handset.
When Should I Avoid Asking Staff to Use Their Mobiles?
The primary rule is to ask staff to call an individual after first protecting their personal mobile number. Asking an employee to call through their own mobile phone number risks:
- the third party providing their phone number to others without their consent;
- that staff member being harassed or stalked through their phone number; or
- the third party using malicious code within messages to plant a virus or GPS location data tracking bug.
Whilst these risks can exist with company mobile phones, they occur to a lesser extent as most company phones are turned off at the end of the business day. Additionally, you can easily change company mobile numbers. In contrast, individuals usually try to keep the same mobile phone number permanently due to the inconvenience of changing it.
Key Takeaways
Ensuring staff use their personal mobile phones in limited circumstances is a good way of achieving GDPR compliance. Some business owners set limits on using staff mobiles by asking a lawyer to draft a suitable Mobile Devices policy. However, the primary GDPR rule is to ensure that personal information belonging to your staff or customers is kept safe and secure.
If you need help ensuring the safe use of personal mobile phones in the workplace, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
No, they are not mandatory, but they can help avoid confusion. For example, if an individual is unsure whether to use their mobile phone for a work task, they can check the policy.
Because, compared to twenty years ago, individuals tend to own multiple internet-enabled devices. Where an individual might have been lucky to own a mobile phone, most people now own smartphones, smartwatches, tablets and laptops.