Data protection: BYOD guidance

“Bring your own device” (or “BYOD”) refers to employees using their personal computing devices (such as smartphones and tablets) in the workplace. Permitting such devices to connect to corporate IT systems can introduce a range of security vulnerabilities and other data protection concerns if not correctly managed.

The Information Commissioner has published new guidance exploring what organisations need to consider when permitting the use of personal devices at work. It includes practical steps to help businesses adopt BYOD safely and in a manner that complies with the Data Protection Act. Key recommendations include:

  • Be clear with staff about which types of personal data may be processed on personal devices and which may not
  • Use a strong password to secure the devices
  • Enable encryption to store data on the device securely
  • Ensure that access to the device is locked or data automatically deleted if an incorrect entry is input too many times
  • Use public cloud-based sharing and public backup services, which have not been fully assessed, with extreme caution, if at all
  • Register devices with a remote locate and wipe facility to maintain confidentiality of the data in the event of loss or theft

The publication of this guidance coincides with the results of a YouGov survey, commissioned by the Information Commissioner’s Office, which reveals that 47% of all UK adults now use their personal smartphone, laptop or tablet computer for work. However, fewer than 3 in 10 of those who do so are provided with guidance on how their devices should be used in this capacity, raising concerns that people may not understand how to look after the personal information accessed and stored on these devices.

A copy of the guidance can be found here:

For further information about the guidance, please contact Beverley Flynn on

