Bring your own device (BYOD)
Bring your own device (BYOD)

The following Risk & Compliance guidance note provides comprehensive and up to date legal information covering:

  • Bring your own device (BYOD)
  • What is BYOD?
  • Key risks and benefits of BYOD?
  • Protecting against security risks
  • Choosing the right technical solution—security
  • Monitoring employees and/or remotely accessing employees' devices
  • Information and transparency
  • Loss of employees' data
  • Data protection impact assessment (DPIA)
  • The consequences of getting it wrong

Brexit: As of exit day (31 January 2020), the UK is no longer an EU Member State, but it has entered an implementation period during which it continues to be treated by the EU as a Member State for many purposes. The UK must continue to adhere to its obligations under EU law, including in relation to data protection, and the ICO has confirmed the GDPR will continue to apply during the implementation period. For more information, see: Practice Note: Brexit—implications for data protection.

What is BYOD?

'Bring your own device' (BYOD) refers to arrangements where an organisation allows designated employees to connect to its corporate IT network using their own communications devices, for specific, work-related purposes. These arrangements will most commonly apply to use by staff of their personal devices for work. However, the term ‘BYOD’ may also be used in other situations, such as access to an educational institution’s network by its students or access to an organisation’s network by its customers or business partners, as a way to exchange and update information. BYOD arrangements may cover a range of devices, including laptops, tablets and smartphones.

This Practice Note focuses on BYOD in the employment relationship.

Key risks and benefits of BYOD?

Key risk or benefit