GDPR Bring Your Own Device BYOD Policy

What does BYOD stand for?

Bring Your Own Device (BYOD) — also is called Bring Your Own Technology (BYOT), Bring Your Own Phone (BYOP), or Bring Your Own Personal Computer (BYOPC)—refers to being allowed to use one's personally owned device, rather than being required to use an officially provided device. This can be a laptop, mobile device, smart device, or any other ICT related device that you also use personal but now also will use at work. So it is best described as a situation where employees are using their own devices for work.

Why do you need a BYOD policy?

Although BYOD as many advantages like increased productivity, reduced company device costs, increase employee loyalty, and more easy employee incoming and outcoming transition, it also brings several new challenges that need to be taken care of. For example:

• Maintain employee privacy
• Business network security
• Device security
• Data security
• Mis usage
• Reimbursement

So there must be a structure for security and data usage for BYOD to work. This is where implementing a BYOD Policy comes into play. Employee must mandate device controls such as passwords, pins, or biometric settings in order to enable access to the device. Only authorized people should be permitted to use these devices. Data encryption should be used to protect sensitive information. In some cases it is even necessary to mandate that only essential apps should be installed on employee-owned devices to reduce the risk of exposure to malware or data breaches. Also, there must be a set of rules in place for when employees depart the company to ensure all company access and material is securely removed from their devices. A thorough BYOD policy will include the most important rules and regulations regarding employ usage of their own devices.

Is a BYOD policy required?

Having a well-implemented BYOD policy in place is compulsory according to the EU General Data Protection Regulation (GDPR) directive. GDPR is a directive that provides guidelines on (personal) data protection rights to all data processors of (personal) data of EU citizens. Regardless of where their data is processed. It aims to make Europe fit for the digital age and it affects all companies that save personal data from European citizens. 

Are you looking for this Bring Your Own Device Policy (BYOD) Policy? Is your organization already GDPR proof? Please note the original enforcement date was 25 May 2018, at which time those organizations in non-compliance may face heavy fines. If you did not yet implement a BYOD policy than this is a good time to start. The easy way is by downloading this BYOD-Policy now.