Bring your own device policy

  • Improve your cyber security
  • GDPR compliant
  • Quick and easy to complete

A bring your own device policy is an internal business document setting out how and when your staff can use their own personal devices for work purposes. It covers what devices are permitted and what the acceptable use of those devices is, including what security measures should be adhered to. It might also be referred to as a BYOD policy.

There are various reasons why a business may want to allow staff to use their own devices for work purposes, which include possible financial savings. There are risks associated with this, however, and businesses must put in place appropriate security measures to ensure that their legal obligations are complied and that their business’s systems are not compromised by malicious cyber activity. This policy will help you to manage these risks by setting out what responsibilities your staff are under when using their own devices at work.

This policy could form part of your staff handbook or it could be produced as a standalone document.

Q&A

  • When should I use this document?

    If you are thinking of allowing your staff to use their personal devices for work purposes, you should use this document to create a policy setting out the framework under which such use is permitted. It can be used whether your staff will be using their own devices for work in the workplace or remotely (eg at home).

    Make sure that you review this policy regularly to ensure that it is fit for purpose. Make sure it is updated if any of your requirements change.

    This policy is designed to work alongside a general IT security policy, which sets guidelines for staff about how to securely operate your IT and communications systems. Use our template IT, communications and social media policy if you don’t already have a policy in place.

  • What does this document cover?

    This document sets out a general policy covering the use of personal devices for work activities. It includes:

    • what devices your business permits staff to use and whether they need prior consent;

    • what the acceptable use of those devices is, including whether there are any restrictions on use and what other policies your staff must comply with;

    • general security provisions (eg in relation to password protection and remote access) and whether IT support is available for staff using personal devices;

    • a reminder of data protection obligations;

    • the consequences of breaching the policy; and

    • what process must be followed when your staff member leaves your employ.

  • Why do I need this document?

    When your staff members work off their own devices, there are security risks that your business will need to address as you will not have the same level of control over those devices. This policy will set specific security requirements for the use of staff personal devices to ensure that your business’s sensitive and confidential information, including any personal data, is kept securely and confidentially at all times. This will not only help you to comply with your legal obligations under data protection law, but it will also help to protect your business from malicious cyber activity.

  • Where can I find out more?

    For guidance on how you can ensure that data is processed securely by your business, including what cyber security measures you can take see our Q&A on secure data storage.

    For guidance on how to manage staff who work remotely, see our Q&A on staff working from home.

    If you’re looking for a general IT policy covering use of your business’s own devices and software, see our template IT, communications and social media policy.

Related Documents

Related Toolkits

Redundancy toolkit

This redundancy toolkit guides you through the key steps you need to take to make an employee redundant, and provides a pack of the relevant template documents you are likely to need. You will find guidance and a pack of 9 supporting documents, including letters, notices and agendas, for each step of the redundancy process: Initial steps (considering alternatives and reasons for redundancies); Creating a redundancy pool, applying selection criteria and notifying employees; Carrying out a consultation process; and Making a final decision, calculating payments and terminating employment. It also includes a template letter to offer alternative employment to employees who are at risk of being made redundant. By using this redundancy toolkit, you will ensure that your redundancy process is fair and legally compliant, which reduces the chance of any employees suing you. The guidance in this redundancy toolkit also helps you to ensure you do not make redundancies in a discriminatory way. Use this redundancy toolkit to ensure you are legally compliant without the need for a lawyer.
Find out more
  • How-to guide: Redundancy toolkit
  • Redundancy - Letter warning of proposed redundancies
  • Redundancy - Selection criteria form
  • Redundancy - Provisional selection for redundancy letter
  • Redundancy - First individual consultation meeting agenda
  • Redundancy - Outcome of individual consultation meeting
  • Redundancy - Invitation to final individual consultation meeting
  • Redundancy - Final individual consultation meeting agenda
  • Redundancy - Notice of termination of employment
  • Redundancy - Offer of alternative employment

Disciplinary toolkit

This disciplinary toolkit will guide you through the process of handling a disciplinary matter. It includes a how-to guide and a pack of 16 relevant documents you are likely to need. You will find template letters, agendas and other documents which can be used at each key step of the disciplinary process: Investigating the disciplinary matter (including suspension of your staff member if necessary and appropriate); Attending a disciplinary meeting with your staff member; Taking disciplinary action eg written warnings or dismissal; and Providing an opportunity for your staff member to appeal your decision. The toolkit also includes a list of common disabilities, so that you can check whether you need to make any reasonable adjustments at disciplinary meetings. This toolkit will help you to follow a fair and proper disciplinary process, which reduces the risk of your staff member taking legal action against you in future.
Find out more
  • How-to guide: Disciplinary toolkit
  • Suspension letter pending investigation
  • Disciplinary investigation template
  • Invitation to attend a disciplinary hearing
  • Invitation to attend meeting to discuss sickness absence
  • List of common disabilities
  • Note taking template for disciplinary proceedings
  • Basic script for conducting a disciplinary hearing
  • First written warning for capability
  • First written warning for misconduct
  • Final written warning for capability
  • Final written warning for misconduct
  • Sickness absence meeting - outcome letter
  • Dismissal letter
  • Invitation to attend a disciplinary appeal hearing
  • Basic script for conducting a disciplinary appeal hearing
  • Letter to confirm outcome of a disciplinary appeal

Pregnancy and maternity toolkit

This pregnancy and maternity toolkit guides you through the steps you need to take when a staff member notifies you that she is pregnant, throughout her maternity leave, and when she returns to work. It includes a how-to guide as well as a pack of 10 relevant documents you are likely to need, including: template letters and notices to arrange the beginning of your staff member's maternity leave and return to work; template letters to arrange Keeping in Touch days; and a pregnancy and maternity risk assessment template. By using this toolkit you will protect your staff member's health and safety, maintain good workplace relations and reduce the risk of any legal action being taken against you.
Find out more
  • Maternity arrangements letter
  • Maternity - Amended return date letter
  • Maternity - Letter confirming sickness absence during last four weeks before childbirth
  • Maternity - KIT Day Letter
  • Employee notice of return from maternity leave
  • Letter to employee confirming dates of return from maternity leave
  • Pregnancy - health and safety letter
  • How-to guide: Pregnancy and maternity toolkit
  • Pregnancy and maternity risk assessment
  • Maternity - Employee notice of pregnancy and intention to take maternity leave
  • Pregnancy - suspension on health and safety grounds letter

Paternity toolkit

Please note that this toolkit has recently been updated. It can be used for employees whose child is due after 6 April 2024, or whose expected date of adoption placement is on or after 6 April 2024. If your employee's child is due to be born or placed with them before this date, this toolkit will not apply. This paternity toolkit will take you through the key steps to take when a staff member wishes to take paternity leave. It contains a how-to guide along with a pack of all the relevant template documents you are likely to need. This paternity toolkit can be used in a wide variety of situations, whether a staff member's partner is having a baby, they are adopting or they are having a baby via surrogacy. By using this toolkit, you ensure that you comply with your legal obligations, which reduces the risk of your staff member taking legal action against you and helps to maintain good workplace relations.
Find out more
  • How-to guide: Paternity toolkit
  • Declaration of eligibility for time off to attend antenatal appointments
  • Employee declaration of eligibility for time off to attend pre-adoption appointments
  • Employee declaration of eligibility for time off to attend antenatal appointments with surrogate
  • Paternity arrangements letter
  • Employee notice of date of childbirth
  • Notice of updated return date from paternity leave
  • Adoption - Employee notice of date of arrival
See all Toolkits