Does your company use a messenger for customer communication? It is therefore essential that you comply with the GDPR requirements.
Messenger and their privacy problem
WhatsApp, Telegram, Skype and the like have been on the rise for a few years. The messengers replace communication via SMS, e-mail, and in many cases even exchanges over the phone. No wonder: messengers are easy to use, young and old understand how to use them immediately. And in addition to text messages, users can also exchange voice and picture messages.
That is why messengers are not only used in the private sphere, but also in corporate communication. Understandable, after all, almost everyone owns a smartphone and has at least one chat tool installed on it.
This advantage can also be a disadvantage, because some messengers are not GDPR-compliant. This means that they violate the data protection regulations of the EU. Thus, the wrong use is a risk. One that companies should better not go into.
Why you have to pay attention to data protection
If your company exchanges data with business contacts or private end customers, you must observe data protection compliance, among other things. The GDPR (General Data Protection Regulation) stipulates how the protection of personal data can be properly fulfilled.
The GDPR is a European Union decree that has been in effect in all EU member states since May 2018. If your company does not comply with the guidelines or if there are violations, this can result in high fines. In the worst case, these can run into the millions.
Failure to comply with data protection in accordance with the GDPR is not a trivial offense, but a criminal offence. One that can become very expensive for your company.
The penalties are a response by the legislator to the various data protection violations in the past. They also want to prevent companies from acting like “data octopuses”. Instead, the self-employed and companies are encouraged to use customer data as sparingly as possible and to make processing transparent.
Why some messengers violate the GDPR
WhatsApp is the world’s most famous and popular messenger. At the same time, it is discredited: On the one hand, the app reads the address book of the users to show them contacts who also use WhatsApp. To do this, Messenger sends the address book data to WhatsApp Inc., a subsidiary of Facebook, in the USA. On the other hand, WhatsApp and Facebook process the personal data for user analysis and advertising purposes.
Reading out the contact lists, sending the data to non-EU countries and processing also occurs with other messengers. If your company uses such applications, it violates the legal data protection requirements and thus the GDPR.
Is it forbidden for companies to use messengers?
No! However, your company must rely on GDPR-compliant solutions. These can be messenger apps and online applications where data protection is observed.
What distinguishes a GDPR-compliant messenger
There are a few criteria that a communication program must offer in order for it to meet European and German data protection requirements. These are for example:
- The messenger should not read the address book of the users
- The application uses end-to-end encryption
- The provider’s servers are located within the EU
- The personal data may not be used by the provider for advertising purposes
- Ideally, the data is stored locally and not in the cloud
Does WhatsApp comply with data protection regulations?
Yes, but only with the WhatsApp Business API. This is a variant with which companies, in particular, can meet the high data protection requirements.
However, the “private” version of WhatsApp does not meet the requirements.
GDPR-Compliant Messengers for Businesses: Secure Alternatives to WhatsApp
WhatsApp is very important for messenger marketing and conversational commerce. For businesses, there are some safe alternatives that you can use without much hesitation. For example:
WhatsApp Business API
If you want to communicate with your customers and business contacts via WhatsApp despite some concerns, Facebook has a GDPR-compliant alternative up its sleeve: the WhatsApp Business API. This is a special variant of WhatsApp that meets all data protection requirements.
The WhatsApp Business API does not exist as a standalone app. But you can use them in all-in-one solutions like Chatwerk.
No data collection, focus on privacy: These are Threema’s promises. The provider is a Swiss company that uses local servers. Although Switzerland is not part of the European Union, data processing is GDPR-compliant. All communication is encrypted, and users can prevent the address book from being readout.
The smartphone app is recommended by data protection and security experts. This is partly due to the data economy and the very good encryption of the data. Signal is based in the US, but the non-profit company operates servers worldwide.
More privacy-compliant messengers for companies
Wire, Rocket Chat, ginlo and Teamwire are also very good and privacy-compliant messengers that are suitable for corporate use. However, they have a low distribution. You would therefore have to persuade many of your customers to switch to a messenger that they do not know.
Messengers for companies: How to use them according to GDPR
As you can see, there are a number of GDPR-compliant alternatives to WhatsApp on the market. Even WhatsApp, by far the most popular messenger, has a variant with WhatsApp Business API that you can use without hesitation.
Nevertheless, you should consider a few things before using a messenger:
- Talk to your data protection officer and/or an IT lawyer about the messenger solution you would like to introduce in your company. Your contact person will give you important tips on how to use the new communication application correctly. And he can inform you about current legal pitfalls.
- Train your employees on data protection and GDPR. Educate them about the consequences of improper handling of personal data.
- Never use a chat and communication application privately and for business on one device. For example, if you have installed Threema on your work cell phone, you may only use it to communicate professionally and not privately. Likewise, you should not save any private contact data on your business smartphone and no business addresses on your private mobile phone.
- Adjust your messenger’s settings. Make sure that as little data as possible is transmitted to third parties (e.g. to the operator).