With the blurring of the lines between work and private life, the need for employers to fully understand data protection in the workplace is more important than ever before. Additionally, a much greater number of employers are enacting Bring Your Own Device (BYOD) policies in the workplace as more and more employees wish to use personal technologies at work. Recently I wrote an article highlighting the crucial considerations of a workplace BYOD policy, and with a recent update on data protection the workplace by an independent European Advisory body, it is necessary and beneficial to revisit this issue.

Data protection is a very sensitive issue sweeping the globe at the moment. With the access to information becoming easier and easier, there is even more of a need to protect private data. The most effective way to ensure employers are adhering to data protection laws and are not infringing on the private lives of employees is to know the rules and have policies in place. So, in this post I intend to shed light on the most important points for employers and employees to consider when it comes to data protection in the workplace following the EU working party’s update.
 
1. Limit Data Collected on Employees

Firstly, and perhaps most importantly, it is vital that employers limit the amount of data they collect on employees. It is not acceptable for employers to sit back and let data on employees collate – businesses should be actively ensuring that they are only in possession of the minimum amount of data they need on each employee. Simply put, employers should only hold data on employees that is absolutely essential.

2. Destroy redundant Data

Following on from the first point, making sure that employee data which is no longer being used is destroyed immediately should be a top priority for an employer. This may take time and administration, however it can be invaluable when it comes to covering employers should there be any litigation battles around data protection in the workplace. In addition, make sure that employees are fully aware of exactly what data on them is held. This kind of transparency makes for a much smoother, open and fair workplace environment and again, helps to avoid any legal complications around data protection.
 
3. Social Media Accounts are Not Free Data

Whether social media accounts are public or private, employee data present on their profiles must not be considered data that can be processed by employers. Importantly, employers cannot demand an employee to provide access to their social media profiles, unless of course there they have legal grounds to do so.
 
Granted, there is also a degree of responsibility on employees to limit the amount of personal data they put onto a public social media account, not for fear that it may be processed by an employer, but simply due to the fact that information is visible to all – not just your employer. Be careful what you post, be diligent in your choice of words online and make sure the information you do have online is kept behind well encrypted passwords.

4. Employers Owning Electronics Doesn’t Grant Right To Own All Data

Often an employer will provide electronics rather than have a BYOD policy in place. There are many benefits to this – from having homogenised electronics across a business to allowing for a clearer divide between work and personal related data. However, it is crucial that employers bear in mind that just because a device is supplied by the business, doesn’t mean all of the data stored on it belongs to the company.
 
In short, an employee’s personal data is an employee’s personal data, regardless of what device it’s stored on. This principle is fundamental when it comes to upholding employee rights and making sure that employers are not breaching employee rights to privacy. Finally, employees should always shield private communication from work related monitoring to minimise the potential for an employer to be encroaching on their private lives.

5. Include a Policy on Personal Communications

When drawing up policies on data protection in the workplace, be sure to include guidelines on personal communication. This is as important for the employer that provides electronics as it is for a business operating a BYOD policy.

It is, of course, unrealistic in this day and age not to allow personal communications in the workplace. In fact, the EU working party argue that a blanket ban on communication for personal reasons is “impractical and enforcement may require a level of monitoring that may be disproportionate.” Nonetheless, employers need to ensure that employees know the rules and employees must be sure not abuse the system in place.

Ultimately, failing to understand the intricacies of data protection in the workplace leaves an employer vulnerable to litigation and an employee at risk of an invasion of privacy. In a nutshell, both companies and employees must make sure they keep on top of the ever-changing regulations with regard to data protection - it’s no longer a choice, it’s a necessity.
 
For more helpful HR tips and advice, CLICK HERE to sign up to our newsletter.
 


 
​

When you read the acronym BYO you would be forgiven for your mind jumping to the old mantra ‘bring your own booze’. However, in the tech age, the new BYO policy sweeping the workplace is actually BYOD – ‘bring your own device’! The idea of being allowed to bring and utilise your own personal tech device in the workplace - be it a smart-phone, tablet or laptop - is appealing to many workers, not least those in technology and IT sectors. In addition, more flexible working conditions and the increase of staff working remotely has lead to a rise in the use of personal technology to conduct business.

That being said, the catch with BYOD is that many employees enact this policy without their employer’s knowledge. This obliviousness on behalf of the employer can be dangerous for an organisation’s data security, especially if workers are using personal devices to connect to a company network in an unregulated way. All the more reason therefore to have a formal BYOD policy in place.

So, here at the HR Department, we thought we would highlight 3 important things for employers to think about when it comes to implementing a BYOD policy:

1.  Make Sure the Policy is Crystal Clear

When considering going forward with a BYOD policy in the workplace, it is essential to have a well-defined, easily understood policy for all employees. It’s also vital to make sure all new hires are aware of the system in place. Here are a number of points which must be highlighted in any BYOD policy:

​- How company data is secured from departing employee devices
- How company data is stored and what access control measures will be in place
- How working time may change with any flexible working arrangements
- How a breach of BYOD rules will be disciplined
- How to opt-out of a BYOD policy

2. Beware of the Potential Costs

A BYOD policy can undoubtedly lead to greater workplace productivity - workers often feel more empowered and motivated when using their own devices. BYOD also has the potential to reduce company costs as it leads to reduced spending on hardware, software and device maintenance. Of course, companies don’t have to fork out to provide devices for their employees either. Despite this, it may in fact be costly for a company to ensure that a wide variety of personal devices are supported and integrated on a company’s network. Employers should make sure they weigh up the costs before implementing any policy. 

Finances aside, there could be another cost to a BYOD policy: data security. Ensuring there are measures in place if an employee’s device is lost or stolen is of paramount importance. It is also crucial that employees know exactly what procedure to follow should this happen in order to protect company data.
 
3. Stay Ahead of the Curve

To say that things are constantly changing in the tech world is an understatement.  The rate at which hackers are finding new ways of accessing sensitive data is alarming. It is therefore essential to constantly update a company BYOD policy to minimise any possible data loss or leak of secure company information. Keeping on top of your BYOD policy should be an on-going process which adapts to technological advances and prioritizes data security.

As it becomes increasingly difficult for employers to retain talent in the workplace it is more and more essential to harness a good company culture. Undoubtedly a clear BYOD policy plays a key role here. An effective policy can lead to happier, more productive staff who are more likely to stick around.

That being said BYOD may not suit every business and some employees may prefer to keep their personal and work devices separate. Employers should assess if their company, or indeed certain departments within their business, would benefit from BYOD and implement the policy as they see fit. Either way, it’s better for a company to be well versed in all aspects of BYOD than face the complications that arise from a lack of understanding in this area.
 
For more helpful HR tips and advice, CLICK HERE to sign up to our newsletter.