I think the vast majority of organisations know that there are some inherent risks in the use of WhatsApp as a commercial communication tool. However, many think the fact that it is free, is easy to use and provides encrypted messaging and free calls is to good an offer not to take advantage of and this far outweighs the risk.
In this article I have identified potential pitfalls of using WhatsApp in the workplace. I must state I am not a lawyer or security expert, but I have pulled together a layperson’s guide to help people make an informed decision.
The first thing to say is that WhatsApp was never designed to be a commercial employee communication tool and as such it has a number of flaws when it comes to governance and compliance in respect to business and personal data.
From a business perspective you have no control over what groups may exist within your organisation or who belongs to any group (be they employees, friends or even competitors). That is because there is no central directory of users or central administration.
Also remember you cannot revoke business information once it has been posted on WhatsApp as the data is stored on individual phones. It might be possible to remove someone from a group if you have the right permissions, but they still have access to all received company information including potentially sensitive data.
It gets worse, if an employee uploads their phone contacts to WhatsApp and they contain numbers of colleagues, customers or suppliers then they are uploading personal details to WhatsApp (and Facebook – who own WhatsApp) without the consent of these individuals and that breaks privacy regulations such as GDPR. Indeed, WhatsApp protect themselves by passing the responsibility for this consent to individual users of the service
If by some miracle you can somehow manage your WhatsApp groups and contacts, then you are surely safe as all messages are encrypted.
Not necessarily so, if someone in your group exports the entire chat history of the group then it can be sent or stored anywhere. Also, any person in the group can simply forward the messages in WhatsApp to anyone, anywhere. If you or someone in your group backs up their WhatsApp, then that content is not encrypted either.
Then there is the issue of backup of business records including employee conversations if work related. Businesses have a legal duty to maintain adequate controls over legitimate business records including employee conversations if work-related. Plus, there are additional requirements around sensitive data e.g. patient records, financial records etc…
WhatsApp encryption policy means that they are moving towards ephemeral messaging with greater levels of secrecy and anonymity so they do not see the point of back ups so there is no record of any conversation that can be reproduced for evidence or compliance purposes.
Scary isn’t it? I’m guessing you are thinking it cannot be that risky can it? Well the final point to be made on the suitability of WhatsApp as a commercial communication tool is simply the fact that WhatsApp themselves prohibit business use by their own employees.
So, what to do?
In general, I would suggest now is the time to adopt an internal communication tool built specifically for business use — a tool that meets GDPR compliance and that will mesh well with your employee workflow.
Specifically, I would endorse the Beekeeper application which is a mobile platform purposely built for frontline workers which allows the entire organisation to communicate better, coordinate faster and get more done.
Not only does it overcome all the issues outlined with WhatsApp as identified above but it also maximises productivity with mobile information and workflow, increases workplace safety and aids employee retention and satisfaction, all by getting the right message to the right people at the right time.
To learn more about Beekeeper check out my website https://fresheyesassociates.co.uk/beekeeper/ As a UK channel partner for Beekeeper I would be delighted to answer any of your questions so feel free to call 07971 052857 or email firstname.lastname@example.org