4.3/5 TrustpilotOFCOM regulated
← Back to Blog

Staff Mobile Usage Policy: How to Stay in Control Without Being the Bad Guy

Staff Mobile Usage Policy: How to Stay in Control Without Being the Bad Guy

You have handed out company phones. Or maybe your team uses their own. Either way, you need rules.

Not because you want to be the fun police. Because without a policy, things go wrong. Bills spiral. Phones get lost with no plan for what happens next. Someone leaves and takes your company data with them. Someone else racks up £400 in roaming charges on a holiday they forgot to mention.

A mobile usage policy fixes all of this. And it does not have to be complicated. One page. Plain English. Everyone knows where they stand.

This guide walks you through everything: what to include, how to set up restrictions without being draconian, BYOD vs company phones, MDM tools explained simply, a copy-and-paste policy template, and what to do when someone leaves.

Why You Need a Mobile Usage Policy (Even for 5 Phones)

"We have only got five phones. We do not need a policy."

Yes, you do. Here is why.

Costs creep up silently. Without clear rules about personal use, roaming, and app downloads, your monthly bill grows bit by bit. No single charge looks outrageous, but together they add up. A mobile policy sets expectations from the start.

Lost phones become emergencies. If an employee loses their work phone on a Friday night and nobody knows the procedure, you have got a weekend of worrying about company data floating around unsecured. A policy means everyone knows exactly what to do: call this number, we remote wipe, we issue a replacement on Monday.

Leavers take data with them. When someone leaves and you have not thought about what happens to the phone, the data, and the number, you are making it up on the spot. That is how customer contacts walk out the door.

You need legal cover. If you ever need to take action against an employee for misuse of a company phone, you need a written policy that they have acknowledged. Without it, you are on shaky ground.

It is just good management. Five phones become ten. Then twenty. The time to set up a policy is when you are small enough to do it easily, not when you have got 50 phones and a mess to untangle.

What a Good Policy Covers

Keep it short. Nobody reads a 20-page document. One to two pages, plain English, covering these areas.

Business vs Personal Use Rules

Keep it simple. Pick one of these approaches:

Business use only. The phone is for work. Personal calls, texts, and data use are not allowed. This is clean and easy to enforce, but it is strict. Most employees will not love it.

Reasonable personal use allowed. The phone can be used for personal calls and texts within reason. A quick call to your partner to say you are running late? Fine. Streaming films on your lunch break? Not fine. This is the most common approach and works well for most businesses.

Personal use allowed with a fair-use limit. You set a soft limit. Something like "personal use should not exceed 10% of your monthly allowance." This gives flexibility while keeping a boundary.

Whichever you choose, write it down clearly. "Reasonable personal use" means different things to different people unless you define it.

Data Limits and What Happens When They are Exceeded

Be specific:

  • Each phone has a monthly data allowance of [X]GB.
  • You will receive an automatic alert at 80% usage.
  • If you hit 100%, contact [name/IT] to request a data bolt-on if needed for work.
  • Consistently exceeding your allowance for non-work use may result in a review of your usage.

Do not threaten disciplinary action for going over data. That is heavy-handed. But make it clear that data is not unlimited and that excessive personal use will be noticed.

App Restrictions

Decide what is allowed and what is not:

  • Always allowed: Work apps (email, Teams, Slack, CRM, Maps, etc.)
  • Allowed within reason: Social media, news, general browsing
  • Not allowed: Gambling apps, adult content, excessive streaming services
  • Restricted: App store purchases must be approved by [name/IT]

You do not need to list every app. Set broad categories. Most people have common sense. It is the edge cases you are covering.

Roaming Rules

This is where money disappears fast. Be very clear:

  • International roaming is disabled by default on all company phones.
  • If you need roaming for a business trip, request it at least 5 working days before travel.
  • You must use WiFi wherever possible when abroad.
  • Personal use while roaming is not permitted.
  • Any roaming usage without prior approval may be charged back to the employee.

That last point is important. It concentrates minds. Nobody racks up roaming charges when they know they will have to pay for it themselves.

Lost or Stolen Phone Procedure

Step-by-step, no ambiguity:

  1. Report the loss immediately to [name/number], even outside office hours.
  2. The phone will be remotely locked and wiped within [X] hours of the report.
  3. Do not attempt to retrieve a stolen phone yourself. Report it to the police and get a crime reference number.
  4. A replacement device will be issued within [X] working days.
  5. If the loss was due to negligence (left on a pub table, etc.), the company reserves the right to recover replacement costs.

Make sure there is an out-of-hours contact for this. Phones get lost on Friday nights and weekends, not conveniently during business hours.

Leaving the Business

Clear process for when someone moves on:

  • The company phone must be returned on or before your last working day.
  • All company data will be wiped from the device.
  • Personal data should be backed up and removed before the return date.
  • If you want to keep your phone number, request a PAC code transfer before your last day and we will arrange it.
  • Failure to return the device may result in the cost being deducted from your final pay (check your employment contract allows this).

BYOD vs Company-Owned: Pros and Cons

One of the biggest decisions you will make. Here is the honest breakdown.

FactorCompany-OwnedBYOD (Bring Your Own Device)
ControlFull control. You choose the device, the apps, the restrictions.Limited. You can manage work apps but not the whole device.
CostHigher upfront. You are buying or leasing handsets plus paying for plans.Lower. Employees use their own phones. You just pay a contribution or allowance.
SecurityStronger. You can enforce encryption, PINs, and remote wipe the entire device.Weaker. You can only wipe company data, not the whole phone.
Employee satisfactionMixed. Some people like having a separate work phone. Others hate carrying two devices.Higher. People use the phone they already like.
Leaving the businessSimple. They hand back the phone.Complicated. You need to remove company data without touching personal stuff.
Legal complexityLower. It is your device, your rules.Higher. It is their device. GDPR and privacy laws limit what you can do.
Best forBusinesses that need strong control, handle sensitive data, or have 10+ employees.Small teams, startups, businesses with low security requirements.

Our advice? If you can afford it, go company-owned. The control and simplicity are worth it. If budget is tight or your team is small, BYOD with a clear policy and basic MDM works fine.

If you go BYOD, you will need to decide on a monthly contribution. Most UK businesses pay £20-30 per month towards the employee's personal phone contract. Make sure this is in writing and that the employee understands what management tools will be installed on their phone.

Setting Up Restrictions Without Being Draconian

Nobody wants to work somewhere that treats them like they cannot be trusted. The trick is setting sensible boundaries that protect the business without making people feel policed.

Block Adult Content and Gambling Apps

This one's easy to justify. You are protecting the business from inappropriate content on company devices. No reasonable employee will object. Every network lets you enable content filters at the account level. It takes two minutes.

Restrict App Store Purchases

Employees should not be buying apps or subscriptions on the company account. Lock down app purchases so they need approval. On iOS, this is done through Apple Business Manager. On Android, through Google Workspace or your MDM tool.

This is not about not trusting people. It is about keeping your bill predictable.

Set Data Warnings at 80% of Allowance

Do not wait until the data runs out. Set automatic alerts at 80% usage so both you and the employee know they are approaching their limit. This gives them time to switch to WiFi and gives you time to decide whether to add a bolt-on.

Every network portal offers this. Set it up once for all lines.

Disable Roaming by Default

This is the single biggest money-saver. Turn off international roaming on all phones by default. When someone needs it for a work trip, enable it for that trip only, then disable it again.

You can do this in the network admin portal. It takes about 30 seconds per line.

Most networks also let you set a roaming spend cap, so even if roaming is enabled, charges cannot exceed a set limit. Use both. Belt and braces.

Do not Block Social Media

This is controversial, but hear us out. Blocking Facebook, Instagram, and Twitter on work phones is tempting. But it signals "we do not trust you" more loudly than almost anything else.

Most employees check social media for a few minutes a day. The data usage is minimal. The morale cost of blocking it is higher than the cost of allowing it.

Instead, monitor data usage. If someone's burning through 20GB on TikTok, that is a conversation to have with that individual. Do not punish the whole team for one person's behaviour.

Ready to compare? Get a free quote across EE, Vodafone, O2 and Three. Takes 10 minutes, completely free, no obligation.

MDM (Mobile Device Management) in Plain English

MDM sounds like something only big corporations need. It is not. If you have got 10+ phones, it is worth looking at. Here is what it actually is and does, without the tech waffle.

What It Does

MDM software lets you manage all your company phones from one dashboard. Instead of setting up each phone individually, walking round to each desk, you do it all from your laptop.

Think of it as a remote control for all your phones.

What You Can Control Remotely

  • Lock a phone if it is lost or stolen
  • Wipe all data from a lost device (or just wipe company data on BYOD phones)
  • Push apps to all phones at once (new CRM tool? Push it to 30 phones in one click)
  • Remove apps from all phones (discovered everyone's installed a dodgy app? Remove it remotely)
  • Enforce security policies like requiring a 6-digit PIN, face/fingerprint unlock, or encryption
  • See device info including battery health, storage space, OS version, and last check-in time
  • Track location (with employee knowledge and consent)
  • Set restrictions on what apps can be installed, what settings can be changed, and what content can be accessed

Free Options

Google Workspace MDM. If you use Google Workspace (Gmail, Google Drive, etc.), basic MDM is included free. You can enforce screen locks, require device encryption, remotely wipe devices, and see basic device information. It is limited compared to paid tools, but for small teams it does the job.

Apple Business Manager. Free for any business. It lets you set up iPhones automatically (so a new employee's phone configures itself when powered on), distribute apps, and manage Apple IDs. It is not full MDM on its own, but paired with a free MDM tool it gives you solid control over Apple devices.

Paid Options

Microsoft Intune. Included in Microsoft 365 Business Premium (from about £19 per user per month, but you get all of Microsoft 365 with it). Intune is the most common MDM choice for UK businesses. It works on iOS and Android, integrates with everything Microsoft, and gives you detailed device management. If you already pay for Microsoft 365, check your plan. You might already have it.

Jamf. The specialist choice for Apple devices. Starts around £3-4 per device per month. If your whole team is on iPhones, Jamf gives you the deepest Apple management available. It is used by businesses of all sizes, not just big ones.

Hexnode, Mosyle, Kandji. Other options that sit between free and Intune/Jamf in features and price. Worth a look if neither of the big two fits your needs.

Do You Actually Need MDM?

  • Under 5 phones: Probably not. Use the network portal and manual setup.
  • 5-15 phones: Consider the free options (Google Workspace MDM or Apple Business Manager). They will cover the basics.
  • 15+ phones: Yes. The time saved on setup, the security benefits, and the central control make it worthwhile.
  • Any size, sensitive data: If your team handles customer financial data, health records, or anything regulated, get MDM regardless of team size. The remote wipe capability alone is worth it.

Staff Mobile Usage Policy Template

Here is a ready-to-use template. Copy it, fill in the blanks, put your company name on it, and hand it out. One page. Plain English.

[Company Name] Mobile Phone Usage Policy

Effective date: [Date]

1. Ownership. Mobile phones provided by [Company Name] remain company property at all times.

2. Business use. Company phones are provided for business purposes. Reasonable personal use is permitted, provided it does not interfere with work duties, incur significant additional costs, or breach any part of this policy.

3. Data allowance. Each phone has a monthly data allowance of [X]GB. You will receive an automatic alert at 80% usage. If you need additional data for work purposes, contact [name/role]. Consistently exceeding your allowance for personal use may result in a review.

4. Calls and texts. Business calls and texts are unlimited. Personal calls should be brief and infrequent. Calls to premium rate numbers (09xx) and international numbers are blocked unless pre-approved.

5. Apps. Only approved apps should be installed on company devices. If you need an app for work that is not installed, request it from [name/role]. Gambling apps and adult content are strictly prohibited.

6. Roaming. International roaming is disabled by default. If you need roaming for a business trip, request it at least 5 working days in advance. Use WiFi wherever possible when abroad. Personal use while roaming is not permitted.

7. Security. You must set a screen lock (minimum 6-digit PIN or biometric). Do not share your phone's passcode. Do not connect to unsecured public WiFi networks without using the company VPN.

8. Lost or stolen. Report any loss or theft immediately to [name/phone number]. The device will be remotely locked and wiped. Report theft to the police and obtain a crime reference number.

9. Monitoring. [Company Name] monitors overall usage data (data, calls, texts) on company devices to manage costs and ensure fair use. Location tracking [is/is not] enabled. For more information, refer to our Privacy Notice.

10. Leaving the company. Return your company phone on or before your last working day. Back up any personal data beforehand, as the device will be wiped. If you wish to keep your phone number, request a transfer before your last day.

11. Breach of policy. Breach of this policy may result in disciplinary action, up to and including termination of employment.

Acknowledgement: I have read, understood, and agree to abide by this policy.

Employee name: _______________ Signature: _______________ Date: _______________

That is it. One page. Everyone signs it. Everyone knows the rules. Keep a copy in their personnel file.

What Happens When Someone Leaves

This is the bit most businesses get wrong. Someone hands in their notice and nobody thinks about the phone until their last day. Then it is a scramble.

Here is the process, step by step.

Before Their Last Day

1. Back up any business data. Make sure any important files, contacts, or messages on the device are backed up to your company systems (not the employee's personal cloud).

2. Tell them to remove personal data. Give them reasonable time (a few days) to back up and delete their personal photos, messages, and apps. They should sign out of personal accounts (iCloud, Google, WhatsApp, etc.).

3. Ask about the phone number. Some employees want to keep their work number, especially if clients know them by it. If they want it, arrange a PAC code transfer to their personal account before their last day. If you want to keep the number, make that clear.

On Their Last Day

4. Collect the phone, charger, and any accessories. Check the device powers on and is not damaged.

5. Remote wipe the device. Even if they say they have deleted everything, wipe it. MDM tools make this one click. If you do not have MDM, factory reset the device manually.

6. Disable their line. Log into your network portal and suspend or cancel the line. Do not keep paying for a line nobody's using.

7. Reassign or recycle. If the handset is in good condition, set it up for the next employee. If it is end-of-life, recycle it responsibly.

Do not Forget

Revoke access to company apps. If they had email, Teams, Slack, CRM, or any other business apps on the phone, revoke their access from the admin side, not just on the device. They might have those same apps on a personal device.

Check their usage for the final month. Make sure there are no unexpected charges on their last bill. Sort it out before their final pay.

Common Mistakes

Being Too Strict

Banning all personal use, blocking social media, and making people feel like every tap on their screen is being watched. This kills morale. Good employees leave for companies that treat them like adults.

Being Too Loose

No policy at all, everyone does whatever they want, and you only notice there is a problem when you get a £2,000 bill because someone went roaming in the US for a week.

Not Communicating the Policy

Writing a policy and filing it away does not count. Talk about it when people start. Remind people before the summer holiday season (roaming). Mention it in your induction process.

Having Different Rules for Different People

If the CEO gets unlimited personal use and the junior admin gets monitored down to the last megabyte, you have got a fairness problem. The policy should apply to everyone. If there are legitimate exceptions (like the CEO needs unlimited data for genuine business reasons), document those exceptions and their business justification.

Not Reviewing the Policy

Your policy from 2020 does not mention 5G, remote working, or current data needs. Review it once a year. Update it when your business changes. It takes an hour.

Forgetting BYOD Complications

If some staff use their own phones, you need BYOD-specific sections in your policy. You cannot treat personal devices the same as company-owned ones. The rules are different, the legal position is different, and the employee expectations are different.

How Compare The Networks Helps

Getting the right business mobile plans is the first step to staying in control.

At Compare The Networks, we have been helping UK businesses since 2008. We are OFCOM-regulated and rated 4.3 out of 5 on Trustpilot.

We help you find plans that match your policy. If you want data caps, shared pools, or flexible add-ons, we will find the right network and plan for how you want to manage your team.

We know which networks have the best management tools. Some network portals make it easy to set restrictions, alerts, and spending caps. Others are basic. We will match you with a network whose tools fit your management style.

We advise on BYOD vs company-owned. Based on your team size, budget, and security needs, we will help you decide the right approach and find deals to match.

We make sure your plans grow with you. Flexible contracts that let you add and remove lines without penalty. Deals that scale as your team grows. No nasty surprises.

For more on keeping your business phones secure, read our business mobile security guide.

Get a free comparison today. We will match your policy to the right plans.

FAQs

Do I legally need a mobile usage policy?

There is no law that says you must have one. But employment law experts strongly recommend it, and for good reason. If you ever need to discipline an employee for phone misuse, the first thing an employment tribunal will ask is "was there a clear policy?" Without one, you are on weak ground. It also helps you comply with GDPR requirements around employee monitoring. It takes an hour to write. There is no good reason not to have one.

Can I make employees pay for personal use on a company phone?

Yes, but only if it is clearly stated in your policy and ideally in their employment contract. You can require employees to reimburse personal call costs, personal data usage above a threshold, or any roaming charges incurred for personal use. However, the administration of tracking and billing personal use can be more hassle than it is worth. Most businesses find it simpler to allow reasonable personal use and only charge back in cases of excessive or abusive usage.

What is the best approach for a team of 5-10 people?

Keep it simple. Company-owned phones on the same network, one account, one bill. A one-page usage policy that everyone signs. Use the network admin portal for basic usage tracking and alerts. You probably do not need MDM at this stage, but set up data alerts at 80% usage and disable roaming by default. This gives you control without complexity.

Should I allow employees to use work phones for personal WhatsApp?

This is one of the most common questions we get. The practical answer is that most employees will use WhatsApp on their work phone whether you allow it or not. The smart approach is to allow it but make clear in your policy that business and personal WhatsApp use should be kept separate (ideally using WhatsApp Business for work). Also make clear that WhatsApp messages on a company device may be subject to monitoring and that the phone will be wiped when they leave. The key is transparency.

Can I stop employees installing apps on company phones?

Yes, if the phone is company-owned. Both iOS and Android allow you to restrict app installations either through device settings or MDM tools. On iOS, you can disable the App Store entirely. On Android, you can restrict to approved apps only. However, completely blocking app installs can be frustrating for employees. A middle ground is to allow installs but block specific categories (gambling, adult content) and require approval for paid apps.

What should I do if an employee refuses to sign the mobile policy?

If it is a condition of being issued a company phone, then refusing to sign means they do not get the phone. Make this clear from the start. For existing employees who already have phones, introduce the policy with reasonable notice (typically 4-8 weeks), explain why it is being implemented, and give people a chance to ask questions. If someone still refuses, seek HR or legal advice. In most cases, implementing a reasonable mobile policy is a legitimate management decision that employees are expected to comply with.

How often should I review our mobile usage policy?

At minimum, once a year. But also review it whenever there is a significant change: a new network contract, a shift to remote working, adoption of new business apps, changes in team size, or changes in employment law or GDPR guidance. Set a reminder in your calendar for an annual review. It should take no more than an hour to read through the policy, check it is still relevant, and update any names, numbers, or procedures that have changed.

Is it worth having separate policies for managers and junior staff?

Generally, no. A good policy applies equally to everyone. Different roles might have different allowances (a field sales manager needs more data than an office admin), but the rules about personal use, roaming, security, and device return should be the same for everyone. Having one rule for managers and another for everyone else breeds resentment and is harder to enforce. If certain roles genuinely need exceptions (like the MD needing unlimited international calls), document those exceptions individually rather than creating a two-tier policy.

Ready to compare deals?

Get a free, no-obligation quote in under 2 minutes.

Get Your Free Quote