WhatsApp’s Journey Towards Becoming GDPR Compliant

WhatsApp is the most popular instant messaging service and is widely used around the world, primarily for personal communication. However, as its popularity increased, businesses realized its potential and started using it for their business communication. WhatsApp Messenger is used for personal communication, while the WhatsApp Business App is used for business communication, which involves messaging customers as well as business partners.

With the basic purpose of both apps in mind, WhatsApp has done everything possible to make them GDPR compliant. If you are a business and want to make use of the plethora of features offered by WhatsApp, then you must use the WhatsApp Business App to communicate in compliance with GDPR rules.

While you use the WhatsApp Business App for your business communication, you are the Controller of all contacts in your address book as far as GDPR is concerned. That means you must have a legal basis to process these contacts as described by Article 6 of GDPR, which covers the lawfulness of processing.

According to Article 6 of GDPR, processing is lawful only if and to the extent that at least one of the following applies:

  • the data subject has given prior consent to process their data for one or more specific purposes.
  • the processing of personal data is necessary for the performance of a contract
  • processing is necessary for compliance with a legal obligation
  • processing is necessary to protect the vital interest of the data subject
  • processing of data is necessary for the performance of a task carried out in public interest or the exercise of official authority vested in the controller
  • processing is necessary for the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject

When you, as a business organization, give WhatsApp access to your contacts, WhatsApp becomes the data processor. WhatsApp then determines whether the business can message the contacts on WhatsApp Business and delivers the messages to the intended recipients.

The best way to use the WhatsApp Business App for your business communication in compliance with GDPR is to add to your device’s address book only those contacts for which you have an appropriate legal basis to contact and communicate. Businesses must thus strictly follow the WhatsApp GDPR compliance policy. In effect, this means keeping your business contacts separate from your personal contacts, to prevent the misuse of customers’ data. If you want to keep both personal and business contacts on the same device, some tools allow you to segment the contacts on your phone.

WhatsApp’s obligations as a processor for GDPR compliance

While processing personal data, WhatsApp will:

  • implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing or accidental loss, alteration, disclosure or destruction.
  • notify the user without undue delay about any personal data breach discovered by WhatsApp
  • assist the user to fulfill any obligation to respond to requests for the exercise of Data Subject rights under GDPR
  • assist the user in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, which deal with a security breach of personal data, its communication to authorities and data protection
  • as per the user’s request, make available all information that is reasonably necessary to demonstrate WhatsApp’s compliance with its legal obligations as a data processor under Article 28 of the GDPR, which deals with the responsibilities of the processor of personal data
  • subcontract the obligations of WhatsApp under the Data Processing Terms to a sub-processor only by way of a written agreement with the sub-processors
  • upon the termination of the Business Terms, stop processing the personal data and delete it as soon as reasonably practical.

In the past, the use of WhatsApp for business communications was fraught with the danger of breaching GDPR rules, and while using WhatsApp Business, you as the user bore the responsibility for compliance with GDPR rules. WhatsApp’s efforts to make the app GDPR compliant are a welcome sign for businesses that rely on it for their business communications. Firms must create WhatsApp GDPR compliance policies and communicate them to employees and other stakeholders for effective implementation.

About TeleMessage

TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to the archiving data storage vendor of your choice.

Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:

TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.
