Practical approach on Bring Your Own Device (BYOD) under the GDPR Regulation for SMEs
2025 (English) Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]
This thesis investigates the intersection of Bring Your Own Device (BYOD) policies and General Data Protection Regulation (GDPR) compliance within small and medium-sized enterprises (SMEs). As SMEs increasingly adopt BYOD practices to enhance operational flexibility and productivity, they face significant challenges in aligning these practices with GDPR’s stringent data protection requirements. This study addresses the research question: How can SMEs implement GDPR-compliant BYOD policies that can achieve productivity and security? Employing a dual-method qualitative approach, combining systematic literature review (SLR) and document analysis (DA), the research synthesizes theoretical insights and real-world policy practices to construct a practical framework for SMEs.
The findings reveal that while BYOD adoption offers measurable benefits such as cost efficiency and operational responsiveness, it exposes organizations to heightened risks related to personal data processing, device security, and compliance enforcement. Key gaps identified include insufficient technical safeguards, ambiguous liability for data breaches, and inconsistent enforcement mechanisms in existing policies. The proposed framework incorporates best practices in data protection, organizational policy design, and technical safeguards, offering SMEs a pathway to align digital flexibility with legal and ethical responsibility.
Ethical and societal implications are explored, emphasizing the need for transparency, fairness, and inclusiveness in BYOD governance. The study contributes a tailored, evidence-based solution that responds to the constraints and priorities unique to SMEs, supporting secure digital transformation. Future research directions include longitudinal implementation studies and exploration of emerging technologies like AI-driven compliance monitoring. This work lays the groundwork for interdisciplinary research combining legal, organizational, and technological perspectives to advance GDPR-aligned BYOD adoption in SME contexts.
Place, publisher, year, edition, pages
2025, p. 46
National Category
Information Systems, Social aspects; Law; Business Administration
Identifiers
URN: urn:nbn:se:his:diva-25481
OAI: oai:DiVA.org:his-25481
DiVA, id: diva2:1983425
Subject / course
Informationsteknologi
Educational program
Privacy, Information and Cyber Security - Master's Programme 120 ECTS
Supervisors
Examiners
2025-07-10 2025-07-10 2025-09-29 Bibliographically approved