How to establish an effective and balanced data protection policy?

In this commentary, Sabine de Paillerets and Mélanie Chrétienne, respectively partner in the Employment Law department and associate of BCTG Avocats, analyse the issues and points of caution regarding BYOD (“Bring your own device”), a policy that allows employees to use their own telephone / IT equipment for business purposes.

Although companies’ legal duties include the obligation to provide their employees with the necessary tools to perform their jobs, employers may authorise them to use their personal telephone / digital equipment (smartphone, laptop, tablet) for business purposes.  

This practice, which has been observed for several years, is known by the acronym “BYOD”, which stands for “Bring Your Own Device.”  In France, it is also known by the French acronym “AVEC”, which stands for “apportez votre équipement personnel de communication.”

As private internet networks have improved and as remote working and the use of smartphones and tablets have become widespread, many employees, as well as employers, have embraced this practice that provides employees with greater flexibility and comfort their work organisation (i.e. the number of terminals employees use is reduced), and which can generate significant savings for employers.

However, this expanding practice further blurs the line between work and personal life and also creates IT security risks for companies.  

In such a context, employers must be cautions in the implement a “BYOD” policy (2) in order to anticipate and manage the risks to the security of the company’s data, as well as to the privacy of connected employees, and (3) in order to comply with the laws in force, particularly the laws governing personal data processing.  

Click here