WhatsApp is the most installed app in the world and globally the most used instant messenger. WhatsApp accompanies billions of people every day. Consequently, more and more companies want to be accessible to their customers through this channel.
However, many companies have concerns about using WhatsApp in compliance with the General Data Protection Regulation (GDPR). In this blog post, we address the possibility of using GDPR-compliant WhatsApp.
These concerns are based on both the tarnished reputation of WhatsApp’s parent company, Facebook (now “Meta”), and the uncertain legal situation after the abolition of the Privacy Shield agreement until mid-2020, which served as the legal basis for data transfer to the USA.
The topic of WhatsApp marketing is particularly sensitive because it involves not only offering support and service via WhatsApp but also advertising and offering services or products via WhatsApp.
Companies are often unsure about the differences between the WhatsApp Business App and the WhatsApp Business Platform (formerly WhatsApp Business API) regarding data protection. In fact, due to the structure of these two business solutions, there are different consequences for end-users and companies.
Here, we show you what you need to consider to use WhatsApp Business – whether through the app or the platform – in compliance with GDPR in your company.
WhatsApp & MS Teams: A New Power Duo
Enabling GDPR-compliant WhatsApp newsletters and GDPR-compliant WhatsApp communication also extends to MS Teams applications:
- Synchronize your WhatsApp contacts with your MS Teams and “Office” databases
- Create automated integrations with Sheets, Tables, and Docs
- Synchronize your CRM infrastructure with your WhatsApp CRM
These are just some of the possible use cases between MS Teams and WhatsApp. Feel free to contact us anytime for consultation!
WhatsApp & Data Protection: General Principles
If you use WhatsApp as a contact option, you become a processor of personal data of the customers who write to you there. This concerns at least the phone number of your customers stored on WhatsApp, as well as conversation content such as delivery address or email address.
This processing is generally not a problem. By contacting a customer, you have a legitimate interest according to GDPR to process their data. However, you must adhere to GDPR in processing, just like with your other service channels.
In general, it is important to differentiate between the following different types of WhatsApp business accounts:
- The “WhatsApp Private App”: The app that we all use for personal use. The WhatsApp Private App is not suitable for GDPR-compliant use.
- The “WhatsApp Business App”: The app that allows small and medium-sized businesses to use WhatsApp. You can switch between the “Private App” and “Business App” at any time, and in the latter option, you can also send “Broadcasts” to up to 256 people. Unfortunately, the “Business App” is also not GDPR-compliant.
- The “WhatsApp Business Platform”: The only way to use WhatsApp in compliance with GDPR. Here, the data is “end-to-end encrypted,” allowing for “private hosting” of data on local server locations. META only uses anonymized data for statistical purposes. No profiling takes place, data can be stored and deleted historically, and all GDPR standards and requirements are met in its latest version.
So, a WhatsApp business account can look diverse, and choosing the right WhatsApp software is crucial.
For small and medium-sized businesses, the “WhatsApp Business App” is generally sufficient, depending on how important GDPR compliance is to you when using WhatsApp for your business.
Using WhatsApp Business App in compliance with GDPR (not guaranteed legally secure!)
The responsibility does not end with your own data processing when using WhatsApp products for customer communication. According to GDPR, WhatsApp processes data on your behalf. Therefore, you must obtain a guarantee from WhatsApp that your customer data is processed with appropriate data protection.
This guarantee is recorded in a data processing agreement or, since June 2021, through the new standard data protection clauses. These clauses replace the abolished Privacy Shield and ensure that WhatsApp complies with the new requirements of the EU Commission.
Using WhatsApp Business Platform in compliance with GDPR
WhatsApp encrypts end-to-end conversation content in every application, providing users and companies with the assurance that no one is reading. However, unencrypted metadata such as phone number, device, usage duration, location, and IP address are generated in cloud communication.
WhatsApp currently transmits this data to EU countries, such as the parent company Meta. After the abolition of the Privacy Shield agreement, WhatsApp relies on the valid standard contractual clauses as the legal basis for data transfer.
Tips for the Data Protection-Compliant Use of WhatsApp in Business
We would like to provide you with these tips for GDPR-compliant business use of WhatsApp:
- Let the customer contact you and respond to their inquiry.
- Contact customers only after they have given clear opt-in consent.
- Inform privacy-compliant about your WhatsApp channel, on your website or with a click-to-chat link.
By considering these tips, you ensure a data protection-compliant use of WhatsApp in your business.
Using WhatsApp Business Platform in compliance with GDPR: We recommend the Austrian company “Chatarmin”
Integrating the WhatsApp Business Platform with Chatarmin brings numerous benefits:
- Easy integration and maintenance: Integration is effortless, and we are your personal contact to guide you step by step.
- Certified server infrastructure in Germany: As an Austrian company, Chatarmin places great emphasis on data protection and security in customer communication. Chatarmin’s certified server infrastructure in Germany ensures the highest standards.
- Made for professional service: Chatarmin is specifically designed for customer communication, offering effective features to enable successful WhatsApp support.
- Omni-messaging in one software: Bundle all customer conversations on relevant channels in one place. Chatarmin serves as a platform for website chat, WhatsApp, Facebook Messenger, Telegram, Threema, and SMS – for a comprehensive omni-messaging experience.
- WhatsApp Campaigns: Take advantage of the opportunity to proactively send WhatsApp marketing messages. Create personalized discount promotions, coupon codes, or brochures in the form of WhatsApp newsletters for effective customer engagement.