Can I use WhatsApp for work?
Using WhatsApp for work is like using a personal email account. It’s a fantastic product, but not suitable for the workplace. Here’s why:
Data Protection
WhatsApp messages are stored on sender and recipient devices. What happens if a device is lost or stolen, how do you secure the data? Who controls the message data, and who can they legally share it with? Your organisation is data controller for all the data it collects, processes and stores. Using WhatsApp arguably makes it impossible to fulfil the requirements of this role under GDPR.
Lack of Accountability
Given that WhatsApp stores messages on individual devices, how does you organisation gain access to them when needed? There are many reasons this may be necessary, such as responding to a DSA or FOI request, conducting an internal investigation, or reviewing a decision-making process. These are all quite commonplace and should be straightforward to complete. If WhatsApp is involved, it can become extremely complex and time-consuming.
Data Retention
WhatsApp messages are stored indefinitely on individual devices. How would you ensure data is stored for the required period of time? and then securely deleted? How would you provide assurance this has been done? Particularly if you are handling sensitive data, using WhatsApp makes data retention compliance practically impossible.
Work-life Balance
WhatsApp is always on, so if you are using it for work, how do you switch-off? If you are sitting at home in the evening and your phone goes, of course you are going to check it. If it turns out to be a work message, are you really going to forget about it until the morning? For good employers, this is an issue that needs to be solved and WhatsApp is part of the problem, not the solution.
Duty of Care
WhatsApp uses phone numbers and shares them with every connected user. If someone makes inappropriate use of a private phone number, it can create significant welfare issues. It is a direct, unsupervised channel of communication into someone’s private life, the abuse of which can lead to negative outcomes for all involved. If an organisation requires or requests that phone numbers are shared (through the use of WhatsApp) then any abuse of this data falls within its duty of care as an employer.
