
Potential GDPR requests from personal mobile phone as a result of work related usage?

  • 13-12-2021 1:09am
    #1
    Registered Users, Registered Users 2 Posts: 84,733 ✭✭✭✭
    M


    If you use your personal mobile phone in relation to your employment can it be subject to GDPR? Basically if used for conversing with colleagues over voice and the occasional corporate communication but zero client data ever transferred. Currently have personal mobile used like this but if this means it's then subject to GDPR I'd prefer to discontinue using immediately and ask employer to provide me with a phone for this purpose instead.



Comments

  • Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    What personal information would be subject to GDPR?

    Why are you using a personal phone with corporate apps on it?

    What is the company's policy on mobile devices ... are you permitted to use corporate apps on your phone?

    If you are worried just don't use your phone and use company issued devices only.



  • Registered Users, Registered Users 2 Posts: 26,989 ✭✭✭✭Peregrinus


    GDPR doesn't apply to phones or other appliances; it applies to data, and the processing of data.

    So if you're processing the personal data of other people on your phone, yes, conceivably they could have a right of access to that data.

    There is a general exemption for data processed "by a natural person in the course of a purely personal or household activity". But if you're processing data for your employer in connection with your employer's trade or business that exemption wouldn't cover you.

    But a lot of this would be very marginal. If you receive a work-related phone call from Joe, your phone call log has a record of the fact that Joe called you on a certain date and time, and that's personal data relating to Joe. Because you received the call not purely for personal or household purposes, it's not exempt. So in principle Joe could demand the data on your phone about all his work-related calls to you. But that data will just be date, time, duration, and that data already resides on Joe's phone, so why would he come looking to you for it?

    Similarly Joe might be interested in any work-related emails to or from you that contain personal data of his. But he would be foolish to look just for the data that resides on your phone; that will presumably be very partial; very gappy. He'll want the data from your employer's email server, surely?

    Nothing would entitle Joe to get access to data from your phone that is not personal data of his, or that is covered by the "personal or household activity" exemption. So if you are worried that Joe gets to romp around freely in your phone and check out all those interesting sites in your browser history, no, he doesn't.

    But, obviously, it could be a pain for you to have to go through, identify the data that Joe is entitled to, and send it to him.

    Given what I think of as "normal" use of a personal phone for work-related purposes, I think it's wildly unlikely that anyone would ever make a data access request to you. But if you are concerned to avoid even the wildly unlikely, or if your work-related use is "abnormal", yeah, your best protection is not to use your personal phone for purposes connected with work (and, if given a work phone, to use it only for purposes connected with work, obviously).



  • Registered Users, Registered Users 2 Posts: 190 ✭✭Luttrell1975


    I don't agree fully, in that you say devices are treated differently from paper files or desktop applications used by your employer. I am not so sure that you can cleanly assume that a phone or other mobile device doesn't end up holding sensitive customer data.

    Take the case of WhatsApp. If your employer uses WhatsApp to discuss sensitive commercial or customer data then your phone might be subject to a data subject request, and so be discoverable. I have never heard of this happening in real life. Theoretically a loss of the device, or the employer not specifying how long the data can be retained on your phone would be a breach.

    More serious than GDPR is criminal investigation. Solicitor Richard Grogan has recently warned that employees should not agree to use their personal devices as they can be seized by court order in an investigation.


