Private emergency contacts on the company cell phone – is that possible?

Better safe than sorry, data protection-compliant is even better

In the past, you could only call the emergency number 112 from an unlocked mobile.

It is now possible to store emergency contacts on newer smartphones so that, for example, emergency services can call them even if the device is locked. This innovation is undoubtedly useful and practical.

But what about company cell phones?

Can we also store the phone number of a trusted person who should be informed as quickly as possible in an emergency? What do we need to keep in mind?

The employer is the “responsible party” for the devices it provides in terms of data protection, i.e. responsible for all data stored there. Anyone who stores the data of their emergency contact there “transmits” this data to the employer.

As this is usually data of a person who has no direct relationship with the company, this data can only be collected with the consent of this person: The person whose data is stored – not the data of the device user.

As the controller, the company must then fulfill all obligations that apply to the processing of personal data. These include:

  • Obtaining and documenting consent
  • Providing a data protection notice
  • Observing the rights of data subjects (in particular the right to information, erasure and rectification)
  • And most importantly, compliance with purpose limitation: The contact data may not be used for other purposes under any circumstances.

What is the best way to implement all this in a privacy compliant way? fox-on will be happy to support you, just contact us.

And if you want to know how to store emergency contacts so emergency services can access them if this ever becomes necessary? You can search the Internet for “emergency contact android” or for “emergency contact iPhone”.

Summary:
Emergency contacts can also be stored on company devices. However, this requires the documented consent of these contacts. The company is responsible for the data and must then fulfil all data protection obligations.