Without proper risk management, permitting employees to use personal devices for work opens the door to a wave of additional cyber-security concerns. And if your business suffers a data breach through an employee’s personal device, your directors and officers, senior managers or even your data protection officer (if you are required to have one) could be held liable on account of negligence.
If you allow Bring Your Own Device (BYOD) at your organisation, consider these GDPR compliance tips to avoid a personal device disaster:
- Conduct mandatory GDPR training for all employees, regardless of seniority or department. Include detailed guidance on personal device use to ensure your staff is aware of how to keep both their own data and customer data secure on any network or device.
- Communicate regularly with the IT department to make sure that all BYOD risks are being controlled and data is kept secure.
- Implement a BYOD policy that stays compliant with all applicable guidelines in the GDPR. Be sure to enforce this policy and establish strict consequences if an employee fails to meet the requirements.
For more guidance on insurance solutions, such as cyber-cover and D&O insurance, contact ICB Group today.
The content of this Profile is of general interest and is not intended to apply to specific circumstances. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and should not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice. Further, the law may have changed since first publication and the reader is cautioned accordingly.
© 2019 Zywave, Inc. All rights reserved.