{"id":1,"date":"2025-06-12T11:19:00","date_gmt":"2025-06-12T11:19:00","guid":{"rendered":"https:\/\/new.socratouslaw.com\/?p=1"},"modified":"2025-06-13T10:07:44","modified_gmt":"2025-06-13T10:07:44","slug":"data-protection-commissioner","status":"publish","type":"post","link":"https:\/\/new.socratouslaw.com\/?p=1","title":{"rendered":"Cyprus Data Protection Commissioner Issues Directive on Employees\u2019 Use of Personal Mobile Phones"},"content":{"rendered":"\r\n<p class=\"p1\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-6702\" src=\"https:\/\/new.socratouslaw.com\/wp-content\/uploads\/2019\/03\/Coporate-Securities1200-300x118.jpg\" alt=\"\" width=\"300\" height=\"118\" srcset=\"https:\/\/new.socratouslaw.com\/wp-content\/uploads\/2019\/03\/Coporate-Securities1200-300x118.jpg 300w, https:\/\/new.socratouslaw.com\/wp-content\/uploads\/2019\/03\/Coporate-Securities1200-1024x401.jpg 1024w, https:\/\/new.socratouslaw.com\/wp-content\/uploads\/2019\/03\/Coporate-Securities1200-768x301.jpg 768w, https:\/\/new.socratouslaw.com\/wp-content\/uploads\/2019\/03\/Coporate-Securities1200.jpg 1200w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><br \/><br \/>In a move to harmonise and clarify current workplace practices, the Office of the Commissioner for Personal Data Protection in Cyprus has published Directive No. 1\/2025 concerning the use of personal mobile devices for work-related tasks<span class=\"Apple-converted-space\">\u00a0 <\/span>. This guidance responds to the growing trend of \u201cbring your own device\u201d (BYOD) arrangements and the attendant privacy and security risks for both employees and employers.<\/p>\r\n<p class=\"p1\">The Directive opens by noting the ubiquity of personal smartphone use in professional contexts\u2014ranging from electronic signature capture and one-time password retrieval to accessing corporate email and monitoring staff attendance. While such practices can enhance efficiency, they also carry potential threats to workers\u2019 privacy and to the integrity of employers\u2019 data systems<span class=\"Apple-converted-space\">\u00a0 <\/span>.<\/p>\r\n<p class=\"p3\"><b>A Presumption of Prohibition with Limited Exceptions<\/b><b><\/b><\/p>\r\n<p class=\"p1\">At its core, the Directive establishes a clear rule: no employee may be compelled to use their personal mobile phone for work purposes<span class=\"Apple-converted-space\">\u00a0 <\/span>. Three specific exceptions permit voluntary use:<\/p>\r\n<p class=\"p4\">1. The employee expressly wishes to use their own device.<\/p>\r\n<p class=\"p4\">2. Use genuinely facilitates the performance of their duties.<\/p>\r\n<p class=\"p4\">3. No processing of the employee\u2019s personal data by the employer is involved.<\/p>\r\n<p class=\"p1\">Should an employee decline to use their personal device\u2014even where no data processing takes place\u2014the employer must offer an alternative solution and ensure that the employee faces no adverse consequences for doing so<span class=\"Apple-converted-space\">\u00a0 <\/span>.<\/p>\r\n<p class=\"p3\"><b>Employer Obligations and Risk Mitigation<\/b><b><\/b><\/p>\r\n<p class=\"p1\">Where personal-device use does give rise to data processing\u2014for example, via an app tracking hours or remaining leave entitlement\u2014employers are reminded to:<\/p>\r\n<p class=\"p5\">\u2022 Comply with the fundamental processing principles under Article 5 of the GDPR.<\/p>\r\n<p class=\"p5\">\u2022 Rely on a lawful basis under Article 6 (excluding consent, owing to the employer\u2019s position of power).<\/p>\r\n<p class=\"p5\">\u2022 Observe transparency obligations and notify employees in advance.<\/p>\r\n<p class=\"p5\">\u2022 Offer, where feasible, a less intrusive alternative (such as swipe-card access in lieu of an app).<\/p>\r\n<p class=\"p5\">\u2022 Ensure no employee choosing an alternative measure suffers discrimination.<\/p>\r\n<p class=\"p5\">\u2022 Fulfil all other GDPR requirements, including conducting Data Protection Impact Assessments (Article 35) and, if necessary, prior consultation with the Commissioner (Article 36)<span class=\"Apple-converted-space\">\u00a0 <\/span>.<\/p>\r\n<p class=\"p1\">Furthermore, if an employee\u2019s device cannot support requisite technical safeguards, the employer must provide the necessary infrastructure or alternative technological solutions. In cases of systematic personal-device use\u2014regardless of whether data processing occurs\u2014organisations are urged to adopt and communicate a clear policy addressing scenarios such as device failure, forgetfulness, or employee preference against BYOD<span class=\"Apple-converted-space\">\u00a0 <\/span>.<\/p>\r\n<p class=\"p3\"><b>Looking Ahead<\/b><b><\/b><\/p>\r\n<p class=\"p1\">The Directive concludes by signalling that a subsequent guidance document on teleworking will be issued for both the public and private sectors, underscoring the Commissioner\u2019s commitment to evolving workplace realities<span class=\"Apple-converted-space\">\u00a0 <\/span>.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>In a move to harmonise and clarify current workplace practices, the Office of the Commissioner for Personal Data Protection in Cyprus has published Directive No. 1\/2025 concerning the use of personal mobile devices for work-related tasks\u00a0 . This guidance responds to the growing trend of \u201cbring your own device\u201d (BYOD) arrangements and the attendant privacy [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7255,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=\/wp\/v2\/posts\/1","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1"}],"version-history":[{"count":5,"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=\/wp\/v2\/posts\/1\/revisions"}],"predecessor-version":[{"id":7311,"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=\/wp\/v2\/posts\/1\/revisions\/7311"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=\/wp\/v2\/media\/7255"}],"wp:attachment":[{"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.socratouslaw.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}