[Free Guide]
From Paper to Pixels: Driving Digital Transformation for Frontline Teams
« Back to Blog

Ditch WhatsApp at Work, Avoid €20 Million in GDPR Fines

Data Security Checklist

As of May 25, 2018, the EU officially began enforcing its new General Data Protection Regulation (GDPR) standards. This initiative aims to heighten personal data security across all businesses operating within or connected to Europe. In order to avoid GDPR fines, your organization should create a GDPR compliance checklist to ensure all internal communications–especially with your employee app–address GDPR compliance.

Learn why Beekeeper is the best GDPR compliant communication platform.

GDPR Penalties and Risks of Non-Compliance

Despite the initiative’s roots, the impact of GDPR compliance will stretch far beyond the confines of the EU. Any hotel that hosts international guests, for instance, is subject to the new GDPR rules. In other words, to avoid heavy GDPR fines, it is crucial for all international business owners to ensure GDPR compliance.

As we sprint to the GDPR compliance deadline, many companies are doing their part to keep their workforce informed. Amanda Finch, Director of Risk and Compliance at Journyx, spoke to us about how GDPR compliance will impact companies well outside of EU borders.

Finch states, “Any data you gathered from a person in the EU, regardless of where they actually reside, puts your company in the GDPR enforcement crosshairs. Can they really enforce these fines on non-EU companies? The answer is yes – they certainly can. In one example, the U.S. and the EU have agreed to a framework that permits enforcement against companies in the U.S. – a necessary step to maintain the vast amount of U.S.- EU trade.”

She goes on to ask, “Do you provide services to companies in the EU? Don’t rely on your knee-jerk instinct to assume that these GDPR penalties won’t flow down to you should those companies run afoul of GDPR compliance. If your EU customer gathers personal data and sends it to you, you are as liable as they for their misdeeds, and subject to the same GDPR fines.”

Internal communication tools sit at the crux of many of the new standard practices enforced by the General Data Protection Regulation, so naturally, we want to provide you with as much information as possible to prepare. A GDPR compliance checklist is a great place to start the privacy assessment of your employee app and other internal communications.

As digital workplace architects, our team at Beekeeper is constantly optimizing our internal communication tools and employee app so your company and employee data remain secure. Today we’d like to talk about what GDPR compliance means for ubiquitous international messaging tools like WhatsApp.

Google Gets Fined 50 Million Euros for GDPR Violation

The Internet giant Google was recently hit with the biggest GDPR fine that’s been issued to date. The CNIL, a French data protection watchdog, has imposed a staggering fine of 50 million euros.

The regulatory body claims that Google did not comply with the GDPR when new Android users set up a new phone and follow Android’s onboarding process.

The motion against Google revolves around how the company failed to provide adequate information to its users about its data consent policies, and didn’t give them enough control over how their personal data was being used. Essentially, under the GDPR regulations, companies must obtain “genuine consent” from their users before collecting their personal information. This means that in order to be compliant, users have to specifically opt in to the process.

Why WhatsApp Could Lead to GDPR Fines as of May 2018

WhatsApp was never specifically designed for enterprise use, and the security risks of using a tool like this for official company business is well-documented. In addition to the fact that WhatsApp’s data privacy record leaves much to be desired, the employee app is also not optimized for group chat or collaboration. For non-desk workforces and busy teams who must collaborate on the go, the user experience is seriously lacking.

Despite its shortcomings for corporate use, many international companies use WhatsApp as a cost-effective, one-on-one messaging and conferencing tool. Under the new General Data Protection Regulation laws, however, the use of WhatsApp will count as a strike against businesses because it fails to meet the security standards that companies must uphold to avoid massive GDPR fines.

WhatsApp’s GDPR compliance is questionable on several counts, including the Right to Access, the Right to be Forgotten, Privacy by Design, Data Portability, and Transfer of Data.

Achieving GDPR Internal Messaging Compliance in 3 Steps

Company content hubs should feel like a warm and lively gathering, not a ghost town. Carrying strong visual brand assets throughout your internal communications hub is a great way to encourage employee engagement and collaboration.

Whereas a traditional intranet can feel as sterile and stark as a windowless chamber, the Beekeeper employee app can be customized for your business needs without robust assistance from IT or technical leaders in your organization.

In addition, the Beekeeper employee app interface allows individual employees to select functionalities like push notifications and workflows, giving a more personalized feel to the digital workplace experience.

In addition to increasing productivity, these interactive features and notifications also encourage higher levels of participation within the company culture, leading to higher levels of overall workforce satisfaction.

  1. Adopt and Adapt
    Now is the time to adopt an internal communication tool built specifically for enterprise — a tool that meets GDPR compliance and that will mesh well with your employee workflow. Adopting an ISO 27001-certified IT strategy is recommended. Before onboarding employees, be sure the new system is thoroughly tested and passes our GDPR liability test.
  2. Implement a GDPR Compliance Checklist
    As old habits tend to die hard when it comes to messaging and communication, it’s important to host formal trainings that clearly outline the details of your company’s GDPR compliance checklist and how it applies to your employees and their use of your employee app if you have one. This will go far to make sure the company doesn’t incur any GDPR penalties while ensuring that employees understand how to use the new internal communication tool.

    When deciding which internal messaging tool is right for your company, be sure to keep in mind that it should be mobile-friendly with an accessible and customizable interface. Really Simple Systems CEO Jon Paterson has employed a diligent internal communications strategy to keep his entire organization aware of not just adjustments to usage, but of the high stakes implications, and potential GDPR penalties, for business.

  3. Maintain and Enforce to Avoid GDPR Penalties
    Considering the massive financial risk of violating the General Data Protection Regulation rules, maintaining and enforcing GDPR compliance within your digital workspaces is of critical importance. As you retrain employees that have been with the company a long time on the new internal messaging tools and onboard new staffers, be sure to emphasize that using non-sanctioned messaging tools intended for consumers like WhatsApp, Viber, or iMessage is strictly prohibited, and that usage of any non-sanctioned messaging platforms puts the company at risk for GDPR penalties.

“Everyone who handles personal data – sales and marketing teams, accounts, HR, customer services – needs to be educated about GDPR compliance.” Paterson shares, “We’ve sent a briefing note to all such staff explaining what GDPR is, how it affects the company and how it will affect them.”

To learn more about why consumer-grade platforms like WhatsApp could threaten your business data, download our Security and Support checklist.