Skip to content
LegalVision UK

Can My UK Business Ask Staff to Use Their Personal Mobile Phones to Call Clients?

Avatar photo

By Thomas Sutherland

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Table of Contents

As a UK business owner, you know that data protection compliance matters. Every UK company owner knows the Information Commissioner’s Office (ICO) can fine UK organisations up to £17.5m. However, some business owners overlook that asking staff to use personal mobile phones to make business-related calls can be a data protection offence. This article will explore the potential disadvantages of asking staff to use their personal mobile phones. This should allow your business to avoid falling foul of the General Data Protection Regulation (GDPR) and facing a potential ICO fine. 

What is the GDPR?

The General Data Protection Regulation (UK GDPR) is a critical law providing data protection rules for UK businesses. The GDPR focuses on the use and handling of ‘personal data’. Personal information includes all data which you can use to identify an individual.

This definition is extensive and can include the following:

  • date of birth;
  • full name;
  • home address;
  • car registration number;
  • credit and debit card details;
  • health information;
  • email address; and
  • mobile phone number.

It is important to note that personal phone numbers and email addresses constitute personal information, meaning you must handle them according to GDPR rules.  

Any business that forces staff to disclose their personal information to third parties and consumers without exceptional reasoning is likely to have breached the GDPR. For example, the ICO has not typically taken kindly to UK companies asking employees to make business calls on their own mobile phones.

Does the GDPR Ban Personal Phones for Business?

The short answer to this question is ‘it depends’.  

While the GDPR does not provide an outright ban on using personal mobile phones for business purposes, it does set limits on their use. The aim of limiting personal mobile use is to achieve two things:

  1. avoiding employees’ personal data getting into the hands of third parties; and
  2. ensuring customer data and third-party information cannot be stored and saved by staff outside your computer system.

Let us explore scenarios where your business should and should not ask employees to use personal mobile devices below.

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

When Can I Ask Staff to Use Personal Mobiles?

Your business will ensure compliance with data protection rules if it asks staff to use their personal mobile phones in a way that protects their information.

The most obvious example of mobile phone-related personal information is the mobile phone number itself. For this reason, many businesses ask their staff to block their number when calling individuals for business purposes. Individuals can do this within the settings of most smartphones or, where this is not possible, by calling through a specific number.

However, businesses know that many individuals do not answer calls from ‘unknown’ or ‘withheld’ numbers, so this is not always feasible. In such cases, companies can ask their staff to use an app that provides an alternative telephone number. These systems usually work by having the individual log in to another phone through their personal handset.

When Should I Avoid Asking Staff to Use Their Mobiles?

The primary rule is to ask staff to call an individual after first protecting their personal mobile number. Asking an employee to call through their own mobile phone number risks:

  • the third party providing their phone number to others without their consent; 
  • that staff member being harassed or stalked through their phone number; or
  • the third party using malicious code within messages to plant a virus or GPS location data tracking bug.

Whilst these risks can exist with company mobile phones, they occur to a lesser extent as most company phones are turned off at the end of the business day. Additionally, you can easily change company mobile numbers. In contrast, individuals usually try to keep the same mobile phone number permanently due to the inconvenience of changing it.

In this way, any business that wants staff to use personal devices for work purposes should provide a suitable app or cloud-based log-in system to mask and protect their device.

Key Takeaways

Ensuring staff use their personal mobile phones in limited circumstances is a good way of achieving GDPR compliance. Some business owners set limits on using staff mobiles by asking a lawyer to draft a suitable Mobile Devices policy. However, the primary GDPR rule is to ensure that personal information belonging to your staff or customers is kept safe and secure.

If you need help ensuring the safe use of personal mobile phones in the workplace, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.  

Frequently Asked Questions

Is a Mobile Devices policy mandatory?

No, they are not mandatory, but they can help avoid confusion. For example, if an individual is unsure whether to use their mobile phone for a work task, they can check the policy.

Why is the use of personal mobile devices becoming more of an issue?

Because, compared to twenty years ago, individuals tend to own multiple internet-enabled devices. Where an individual might have been lucky to own a mobile phone, most people now own smartphones, smartwatches, tablets and laptops.

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

Managing Staff Using Personal Mobile Phones at Work in the UK 

Covering Your Employees’ Working From Home Expenses in England

Different Types of Flexible Working in England

Do GDPR Rules Cover My Company’s Telephone Conversations in the UK?

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards