Skip to content
Vectel
Support/Hardware and lifecycle

Employee leaves and has worked with our data on their own laptop

BYOD feels cheap until someone leaves. Without prior agreements, wiping-without-touching-personal-data is a hard conversation after the fact.

Try this first

  1. 1Set in your BYOD policy upfront what rights you have at offboarding. Selective wipe via Intune (only work apps and their data) is far more acceptable than a full factory reset.
  2. 2On departure day: revoke all tokens (M365, VPN, Slack, password vault). That does more than wiping the device, because sessions often keep access alive.
  3. 3Run selective wipe via your MDM. Intune App Protection and Jamf have a wipe mode that only touches work data. Notify the departing employee in writing.
  4. 4Ask written confirmation that no remaining work files exist outside managed apps. Useful for your processing register if a GDPR request follows later.
  5. 5Going forward: weigh whether BYOD still fits your risk profile. A choose-from-list laptop often costs less than managing twenty personal devices.

When to bring us in

A conflict departure with a BYOD device you cannot access: that is a legal matter more than an IT one. Bring in an employment lawyer before IT forces anything.

See also

None of the above fits?

Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.

Who are you?

For the AI question we need your email and company, so we can follow up if the AI gets stuck, and to prevent abuse.

Limited to 2 questions per hour and 5 per day, kept lean so the AI stays useful. For more, contacting us directly works better for you and us.

Or skip the DIY entirely

Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.

Bring us inHow Managed IT works