VPN access for UK employees: privacy, monitoring, BYOD and offboarding
Quick Answer
A personal VPN can hide your web traffic from your ISP and most Wi‑Fi operators, but it does not make you “invisible” to an employer if you work on a company laptop with MDM, endpoint security, or corporate apps (Teams/Slack/SSO). The safest approach is separation: separate work and personal profiles, confirm DNS leak protection, and follow your organisation’s compliance rules.
Work‑Life Privacy Checker
Answer a few questions and get a plain‑English risk assessment of what your employer can realistically observe in a typical remote‑work setup. This is not legal advice - it’s a practical sanity‑check based on common corporate tooling.
Work‑Life Privacy Checker
Pick the options that match your setup. We’ll explain the likely visibility and what to change first.
Who sees what?
This table is the mental model most people miss. A VPN mostly changes what the network can observe - it does not magically override device management or corporate log systems.
| Data / Signal | Your ISP | Your employer | Your VPN provider | The website / service |
|---|---|---|---|---|
| Your real IP | Yes | Sometimes (managed device / corporate logs) | No (unless you connect without VPN) | No (sees VPN IP) |
| Browsing history (URLs) | Limited (mostly domains + timing) | Possible (proxy, DNS, endpoint agent, browser policy) | No (should not log sites) | Yes (your activity on that site) |
| Approx. location | Roughly (region) | Often (sign‑in signals, Wi‑Fi, device posture, MDM) | Only your chosen VPN exit | Sees VPN location + cookies/device signals |
The BYOD safety checklist
If you work on a personal computer, you get more control - but you also carry more responsibility. This checklist keeps work and private life separate (and prevents accidental leaks during travel).
| Item | Why it matters | Quick action |
|---|---|---|
| Separate browser profile for work | Stops cookie / session cross‑contamination | Create a dedicated profile (Chrome/Edge/Firefox) |
| Kill Switch | Prevents traffic leaks if VPN drops | Enable it in your VPN client (see VPN Kill Switch) |
| DNS leak protection confirmed | DNS can reveal your real network | Run our Leak Test and read DNS Leak Protection |
| Personal VPN on, then corporate VPN (if required) | Reduces ISP/Wi‑Fi visibility before corporate tunnel starts | Connect personal VPN first, then AnyConnect/Zscaler |
Working while travelling: policy, tax and security questions
“Working from abroad without your employer knowing” is usually a policy and tax/compliance problem first, and a network problem second. If you still need to reduce location signals, a travel router running WireGuard can be safer than a software VPN on a laptop.