[Spooky23]

There are a few different dimensions here. Note that I’m in the US and have experience specific to larger entities.

For you conducting any personal business on work devices, it is pretty easy for employers to get tools that can detect and even capture that activity. That ranges from grabbing files on the device to periodically or continuously recording screen content.

For conducting personal business on work services, that is trivially searchable with O365 or Google Workplace. Some industries (banking, finance) are required to retain all mail and sample it for policy violations. Sometimes contractors are roped into doing this by contract terms. Sometimes dating coworkers becomes a problem when you communicate on work systems in unexpected ways — anything you do is essentially public.

For conducting business on personal devices, employers cannot generally search through your content. (Unless security or other products are present — for example Crowdstrike or similar EDR tools will log most executable launches) But, if evidence exists that you use personal stuff for business and there is a litigation event or investigation, you can be compelled by a court to turn over your personal gear. That risk depends on what you do for a living and for who. (For example, a government employer may have an inspector general with police subpoena powers, if you are a decision maker in a company, a civil suit may focus on something you said or didn’t say)

All-in-all, the best policy is to keep work away from your personal business and vice versa within reason. The meaning of “Within reason” depends on your circumstances. The issues for a unionized white collar worker at a factory are different than an at-will financial analyst at some big bank.