Bring your own Device (BYOD) is an important trend in IT-industry. BYOD refers to the practice of employees collecting, processing (including, but not limited to storing) or using corporate (company) data on their privately owned ICT devices. The model may increase both effi ciency and output of employees and has important advantages; however, each company’s individual requirements and business environment demand thorough evaluation to determine whether or not BYOD is a usable tool for cost reduction and whether or not the advantages outbalance the challenges. From a legal perspective it is of particular importance to recognise that also in BYOD environments the employer exclusively remains fully liable for all job-related data processing on private devices of employees. Consequently, the level and effectiveness of data security measures need to be maintained on the same high level regardless of whether or not data processing is carried out on company owned or privately owned devices. This causes signifi cant challenges in practice which require precise and comprehensive legal agreements with employees as well as thought-through and state-of-theart technical implementation.