The General Data Protection Regulation or GDPR is a European law that protects the privacy of European citizens. GDPR rules apply to organisations that process the personal data of European citizens. Circet must therefore also comply with these rules.
If you use your private phone only for private purposes, the data (contacts, e-mails, photos) on your device are not covered by GDPR legislation. Suppose you lose your private phone, for example: there won't be a data breach according to GDPR.
But, if you use your private phone for work as well, that's another story of course. Then, your phone also contains business contacts, work e-mails, access to SharePoint or other tools, to name but a few. The data that may be found on your lost phone will, in that case, fall under the GDPR rules. So, if you misplace it, there may be a data breach.
Did you misplace your work phone (or a private phone that you also use for work) or was it stolen? Please report this immediately via the IT ticket system. IT colleagues will investigate the incident.