Last month Cyprus took an important step towards improving work-life balance and the protection of the personal data and privacy of employees.
More specifically, on 26/05/2025 the Commissioner for Personal Data Protection issued Directive No. 1/2025 on the use of personal mobile phones for work-related purposes, which is based on the Guidelines by the European Data Protection Supervisor, Opinion 2/2017 of the European Commission and the European Data Protection Board.
The Directive aims for more uniform and consistent guidelines on the use of personal mobile phones for the purpose of carrying out certain work-related tasks during working hours, in a manner that ensures the protection of the personal data and privacy of employees.
The key points of the Directive are that employees are not obliged to use their personal mobile phone for work purposes, and that the use of a personal mobile phone for work purposes may be permissible when:
- the employee wishes to use their phone for such purposes;
- such use facilitates the performance of their duties; and
- it does not entail or involve the processing of the employee's personal data by their employer.
Furthermore, if the employee does not wish to use their personal mobile phone for work-related purposes, even when no data processing is taking place, the employer must:
- provide him/her with an alternative solution; and
- ensure that the employee is not subject to adverse consequences if he/she chooses this alternative solution.
Such alternative solutions may include the provision of a company device or sponsoring the purchase of such a device, as well as reimbursement for usage costs, where applicable.
In cases where the employee's duties require the use of a personal mobile phone on a systematic basis, whether or not their data is being processed, the employer must establish a policy and inform the employees of it. The policy should, among other things, regulate what happens in the event that:
- the employee forgets the device at home;
- the device breaks down or malfunctions;
- the employee no longer wishes to use the device for work-related purposes.
In any case, the employer should be able to adequately and appropriately substantiate the absence of data processing (for example, when the use of a mobile phone is required for not strictly work-related tasks, such as accessing documents and receiving a one-time password (OTP)), as well as comply with the principles of data processing under the GDPR.
The Commissioner has noted that further long-awaited directives will follow related to teleworking, both for the public and the private sector.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.