Can My UK Business Ask Staff to Use Their Personal Mobile Phones to Call Clients?

Summary

  • Under the UK GDPR, asking staff to use personal mobile phones for business purposes can constitute a data protection breach, as personal phone numbers are classed as personal data and must be handled accordingly.
  • The UK GDPR does not outright ban the use of personal mobile phones for work, but it does require businesses to take steps to protect both employees’ and customers’ personal information when such devices are used.
  • Businesses can achieve compliance by requiring staff to withhold their personal number when making business calls or by using an app that provides an alternative telephone number through their personal handset.
  • This article is a guide to GDPR compliance and the use of personal mobile phones in the workplace for business owners operating in the UK, produced by LegalVision, a commercial law firm.
  • LegalVision specialises in advising clients on data protection and UK GDPR compliance.

Tips for Businesses

Introduce a Mobile Devices policy that sets clear rules on when and how staff may use personal phones for work. Require employees to withhold their personal number or use a business calling app. Regularly review your data handling practices to ensure personal information belonging to staff and customers remains protected.

As a UK business owner, you know that data protection compliance matters. Every UK company owner knows the Information Commissioner’s Office (ICO) can fine UK organisations up to £17.5m. However, some business owners overlook that asking staff to use personal mobile phones to make business-related calls can be a data protection offence. This article will explore the potential disadvantages of asking staff to use their personal mobile phones, to help your business avoid falling foul of the General Data Protection Regulation (GDPR) and facing a potential ICO fine.

What is the GDPR?

The General Data Protection Regulation (UK GDPR) is a critical law providing data protection rules for UK businesses. The GDPR focuses on the use and handling of ‘personal data’. Personal information includes all data which you can use to identify an individual.

This definition is extensive and can include the following:

  • date of birth;
  • full name;
  • home address;
  • car registration number;
  • credit and debit card details;
  • health information;
  • email address; and
  • mobile phone number.

It is important to note that personal phone numbers and email addresses constitute personal information, meaning you must handle them according to GDPR rules.  

Any business that forces staff to disclose their personal information to third parties and consumers without exceptional reasoning is likely to have breached the GDPR. For example, the ICO has not typically taken kindly to UK companies asking employees to make business calls on their own mobile phones.

Does the GDPR Ban Personal Phones for Business?

The short answer to this question is ‘it depends’.  

While the GDPR does not provide an outright ban on using personal mobile phones for business purposes, it does set limits on their use. The aim of limiting personal mobile use is to achieve two things:

  1. avoiding employees’ personal data getting into the hands of third parties; and
  2. ensuring customer data and third-party information cannot be stored and saved by staff outside your computer system.

Let us explore scenarios where your business should and should not ask employees to use personal mobile devices below.

When Can I Ask Staff to Use Personal Mobiles?

Your business will ensure compliance with data protection rules if it asks staff to use their personal mobile phones in a way that protects their information.

The most obvious example of mobile phone-related personal information is the mobile phone number itself. For this reason, many businesses ask their staff to block their number when calling individuals for business purposes. Individuals can do this within the settings of most smartphones or, where this is not possible, by calling through a specific number.

However, businesses know that many individuals do not answer calls from ‘unknown’ or ‘withheld’ numbers, so this is not always feasible. In such cases, companies can ask their staff to use an app that provides an alternative telephone number. These systems usually work by having the individual log in to another phone through their personal handset.

When Should I Avoid Asking Staff to Use Their Mobiles?

The primary rule is to ask staff to call an individual after first protecting their personal mobile number. Asking an employee to call through their own mobile phone number risks:

  • the third party providing their phone number to others without their consent; 
  • that staff member being harassed or stalked through their phone number; or
  • the third party using malicious code within messages to plant a virus or GPS location data tracking bug.

Whilst these risks can exist with company mobile phones, they occur to a lesser extent as most company phones are turned off at the end of the business day. Additionally, you can easily change company mobile numbers. In contrast, individuals usually try to keep the same mobile phone number permanently due to the inconvenience of changing it.

In this way, any business that wants staff to use personal devices for work purposes should provide a suitable app or cloud-based log-in system to mask and protect their device.

Key Statistics

  1. £17.5 Million: The maximum fine the ICO can impose on UK organisations for serious GDPR breaches, with over 160 fines issued to businesses between 2021 and 2024 for data protection failures.
  2. 83%: Of UK data breaches involve human error, including improper use of personal devices for business purposes, highlighting the significant compliance risk of unmanaged mobile phone policies.
  3. 3 in 5: UK employees regularly use personal devices for work-related tasks, yet fewer than half of their employers have a formal Mobile Device policy in place to manage associated data protection risks.

Sources

  1. Information Commissioner’s Office (ICO), Annual Report and Financial Statements, 2023–24
  2. UK Cyber Security Breaches Survey, Department for Science, Innovation and Technology (DSIT), 2024
  3. Chartered Institute of Personnel and Development (CIPD), Workplace Technology and Data Compliance Report, 2023

Key Takeaways

Ensuring staff use their personal mobile phones in limited circumstances is a good way of achieving GDPR compliance. Some business owners set limits on using staff mobiles by asking a lawyer to draft a suitable Mobile Devices policy. However, the primary GDPR rule is to ensure that personal information belonging to your staff or customers is kept safe and secure.

If you need help ensuring the safe use of personal mobile phones in the workplace, LegalVision provides ongoing legal support for businesses through our fixed-fee legal membership. Our experienced data, privacy and IT lawyers help businesses manage contracts, employment law, disputes, intellectual property, and more, with unlimited access to specialist lawyers for a fixed monthly fee. To learn more about LegalVision’s legal membership, call 0808 196 8584 or visit our membership page.

Frequently Asked Questions

Is a Mobile Devices policy mandatory?

No, they are not mandatory, but they can help avoid confusion. For example, if an individual is unsure whether to use their mobile phone for a work task, they can check the policy.

Why is the use of personal mobile devices becoming more of an issue?

Because, compared to twenty years ago, individuals tend to own multiple internet-enabled devices. Where an individual might have been lucky to own a mobile phone, most people now own smartphones, smartwatches, tablets and laptops.

What are the main risks of asking staff to use personal mobile phones for business calls?

Asking staff to call through their personal numbers risks exposing their private information to third parties, potential harassment or stalking, and malicious code attacks. These risks are greater with personal phones than company devices, which employees can easily change or switch off after hours.

How can my business stay GDPR compliant when staff need to make business calls?

You can ask staff to block their personal number when making business calls or use an app that provides an alternative telephone number. This protects employees’ personal data from third parties accessing it without their consent, reducing your risk of an ICO fine.

Malaikah Khattak

Solicitor

Malaikah is a Solicitor at LegalVision within the Corporate and Commercial team. She assists on a broad range of Commercial Contract matters, as well as Corporate matters.

Qualifications: Bachelor of Laws (Hons), University of Birmingham.
