Winston Maxwell and Patrice Navarro write:
Security concerns and the need to increase cyber security measures have recently boosted the use of Bring Your Own Device (BYOD) policies in France. Recent events have exacerbated fears of data breaches and hacking for IT managers who were not overly concerned before. As a consequence, IT security teams are seeking to apply the same security and device management systems that apply to their own company’s equipment to employees’ devices when employees use their devices for work purposes.
Obligation to notify
A BYOD policy usually forms part of a company’s IT policies. It must be formally presented to the works council to ensure employees are informed.
The CNIL’s guidelines on BYOD
In the guidelines, the CNIL takes a conservative approach to BYOD security. The CNIL prohibits, for example, a company “remotely wiping” an employee’s private data from their device. The CNIL indicates that companies must find a balance between their legitimate security concerns and the privacy of their employees. Consequently the security measures that are implemented must be proportionate to the threats and risks to the IT system and the company must ensure that employees are properly aware of the measures in place.
Read more on Hogan Lovells Chronicle of Data Protection.