Your mobile is not the office
The AEPD marks a turning point in corporate control and the processing of employee data.
The change set by the AEPD
A red line on the use of personal mobile phones at work.
The AEPD has imposed a penalty of €20,000, considering that the obligation to use personal mobile phones at work violates the principle of data minimisation, as it implies excessive and unnecessary processing.
Beyond the specific case, the ruling focuses on a common practice in many organisations, especially in digital environments or with flexible working models.
The impact is direct: internal policies related to personal devices, professional communication and employee management come under regulatory scrutiny.
What changes for your company
What you should bear in mind to avoid risks.
This resolution reinforces a key criterion: the use of personal devices cannot be imposed without justifying its necessity, proportionality and limitation.
Companies must review how they are managing these environments, especially in aspects such as:
- The legal basis that legitimises the use of personal devices.
- The existence of clear BYOD policies
- The level of access and control over employee devices.
In practice, this involves assessing risks, adapting internal policies and ensuring a real balance between business operations and employee rights.
Our experts' analysis
Our team takes an in-depth look at this ruling, its context and the practical implications for companies in different sectors.
Content designed to understand not only what has happened, but how to anticipate potential regulatory risks.
Anticipate risk
At ECIJA we accompany you in adapting your policies and processes to minimise risks and ensure proper use of data in the workplace.
Contact our professionals
Specialists in privacy, data protection and the working environment.