Do Your Staff Use WhatsApp For Customer Communication? You Could Have A Serious GDPR Breach

October 12 2020

WhatsApp and GDPR

The General Data Protection Regulation (GDPR) came into force in 2018. As a result, businesses need to ensure that they are compliant with the legislation in relation to the methods they use to collect, store, analyse, use, and securely delete or destroy the personal data they hold on individuals.

For most businesses, this involved a review of their Data Protection policies and procedures, as well as their systems and structures, such as their data management, CRM, and email marketing systems. However, one area that is often overlooked is the use of instant messaging applications by the business and its employees.

Want to find out how to make your practices GDPR compliant? Get in touch today…

Instant messaging has changed the way businesses communicate with customers, with many using apps like WhatsApp as part of their Sales and Customer Service toolkit. With over 1.5 billion users worldwide, it’s easy to see why. 

Research suggests that consumer behaviour and preferences are also driving the trend for increased use of WhatsApp by business. A recent survey by Stitch found that 56% of consumers said they would choose a brand that offers WhatsApp as an official communication channel over a brand that doesn’t.

If businesses want to increase turnover, provide effective customer support, and retain customers, it makes sense that they would use WhatsApp as a communication channel.


But is the use of WhatsApp by businesses GDPR compliant?


If using the standard WhatsApp application, the answer is ‘no’. WhatsApp clearly state on their own website that:

“The WhatsApp Business app is for external business communications, whereas the WhatsApp Messenger app is for personal communications. We’ve worked to make each app GDPR-compliant based on its intended purpose.”


So, the first step in being GDPR compliant is to ensure your business is using the correct app. But that’s not where the WhatsApp GDPR compliance journey ends.

When an individual downloads WhatsApp Business on to their smartphone, they are the Controller of the data they hold on their device. WhatsApp is the Processor. This means it is the responsibility of the Controller to ensure they have a legal basis for using WhatsApp to communicate with customers, typically contractual necessity, legitimate interest, or consent. In addition, the Controller is responsible for ensuring that only those contacts in their address book for which they have the appropriate legal basis are added to their WhatsApp address book. A blanket “add all” just won’t cut it.

This gets especially tricky where companies have a Bring Your Own Device (BYOD) Policy, or a Company Owned Personally Enabled (COPE) Policy. Today, many businesses have these policies in place, where employees can access company systems using secure logins and passwords on their own devices, with access revoked if they leave the business. 

However, with apps like WhatsApp Business, if the app is installed on the employee’s personal device, the associated message content as well as the personal data of customers is also stored on that device. This is not only a hindrance to the business in terms of continuity of service and losing sales opportunities, but it also presents many complex situations where the company may be in breach of GDPR. 


The solution is to provide all employees with company-owned devices, or implement a blanket ban on employees contacting customers via WhatsApp, right? 

Well, not quite. 


Many employees would find the use of two devices cumbersome and it can have a negative impact on productivity. That’s why BYOD policies became so popular in the first place. 

And bans on employees using instant messaging apps are likely to have a negative impact on the business. We’ve already seen how consumer behaviour and preferences are driving the increased use of instant messaging apps by businesses, such as WhatsApp, and this is a trend that is only going to continue. In addition, Sales teams want to close sales and Customer Services teams want to provide quick and effective solutions to customer problems. The likelihood is employees will breach the official policy and continue using WhatsApp anyway, leaving the business no option but to spend precious resource enforcing the policy.

A digital platform where instant interaction is facilitated is much appreciated and almost a necessary requirement for the modern workspace. While IM & Chat is a well-seasoned technology in our personal lives, instant messaging applications tailored especially for professional communication are in their infancy. One could argue that Slack & MS Teams do the job well enough, but the multitude of channels offered by Slack’s format can make direct messaging confusing, to say the least. Many end users simply don’t adopt the platform.

Human nature is to simply follow the path of least resistance, thus falling back to good old WhatsApp with its trusted speed and ease of communication. Facebook, the organisation that owns the IM app, recognises this and even launched a business counterpart for the messaging app, WhatsApp Business, last year. This is very much aimed at sole traders, and not the enterprise market. However, research conducted into the issue has found that, although a good number of individuals use WhatsApp for communicating at work, they’d prefer an alternative messaging solution. Email & Slack (or Teams/Skype etc.) don’t provide your workforce with the tools they need to collaborate effectively.

The Solution?

WhatsApp API, or more specifically, a messaging solution built around the WhatsApp API

Stitch take the pain and hassle out of WhatsApp API Business set up, allowing your Sales and Customer Service teams to keep doing what they do best – making sales and looking after your customers. 

Messaging solutions from Stitch enable you to communicate with your customers safely, in compliance with GDPR, and ensure that the precious interactions and conversations had with your customers remain visible to the business, even if an employee leaves the company.

GDPR compliance isn’t the only benefit of working with Stitch. Our messaging solutions also offer:

  • WhatsApp Shared Inboxes, so your team can manage customer communications in one place. 
  • CRM integration so all your customer WhatsApp conversations can be linked to their profile. 
  • An automated ChatBot feature, so general enquiries can be resolved quickly and effectively without the need for employee intervention. For those customers that do need additional support, we can ensure they are directed to the right people. 

Do you want a product that delivers seamless communication for your customers and prospects? These are just some of the benefits of using Stitch to manage your business WhatsApp. 


Contact us today to find out more and arrange a free demo.

We highly recommend getting in touch with us for an open, honest (and easy to understand!) conversation. We’ll get to know your business then explain the options available to successfully tackle the challenges you’re facing. There’s no obligation to take your journey further (although we think you’ll definitely want to!)
