WhatsApp Ban in the Enterprise: GDPR-Compliant Messaging Apps, Alternatives and Solutions


Teamwire, Jun 29 2020

The use of WhatsApp as part of shadow IT is very common in enterprises. This actually affects every industry, sector and function as well as the entire public sector. Since using WhatsApp in the enterprise is not legally compliant with the European General Data Protection Regulation (GDPR) and WhatsApp cannot adequately protect corporate data, more and more companies are banning the use of WhatsApp for business purposes: Deutsche Bank banned WhatsApp and similar messaging apps a long time ago. The automotive supplier Continental has also recently opted to ban WhatsApp in the enterprise. Teamwire knows many other companies and organizations that have also banned WhatsApp for business communications.


Enterprises now ask themselves the following questions:

What are possible solutions for the WhatsApp problem?
What secure and GDPR-compliant messaging apps and alternatives are there for businesses and the public sector?


We want to discuss these points in more detail in this blog article.


Option 1: Ban WhatsApp


Announcing a WhatsApp ban is certainly an option for enterprises. However, businesses should pay attention to two things:


1. A WhatsApp ban must be technically and organizationally feasible. It does no good if WhatsApp is banned but people do not follow the order and continue to communicate with business contacts and share confidential company information. In such a case an enterprise can still face warnings and high penalties under the GDPR despite the ban. That’s why a business should, for example, use a Mobile Device Management / Enterprise Mobility Management solution (MDM/EMM) to block WhatsApp on all devices.


2. Employees do not use WhatsApp to harm the enterprise, but because the communication is faster, the coordination is easier and the collaboration is more productive than with other tools available in the organization (such as email or a unified communications tool). That means that although WhatsApp is not a GDPR-compliant enterprise messaging app, it significantly increases business productivity. For that reason, enterprises should also offer their employees a GDPR-compliant messaging app as an alternative (see option 4) to maintain productivity. Otherwise businesses will harm themselves by banning WhatsApp.


Option 2: Protect Business Contacts


An important reason why WhatsApp is not GDPR-compliant is that it uploads all contacts from the user’s address book to WhatsApp. As a result, an enterprise loses control over personal data and cannot protect business contacts in compliance with the GDPR (for example, when using WhatsApp, companies cannot comply with the GDPR’s requests for information and right to be forgotten).


With iOS 11.3 and with Android for Enterprise, there are ways to separate business and personal contacts. With the help of an MDM/EMM solution, business contacts can be marked and protected in a container. The user gets a separate corporate address book. This can prevent business contacts from being uploaded to WhatsApp.


This option does not provide 100% protection against business use of WhatsApp: Employees could still add contacts themselves to the local, private address book on their device, and customers or business partners could also contact employees via WhatsApp. However, in general the separation of contacts can be an important move for an enterprise to become GDPR-compliant and should reduce the usage of WhatsApp or similar messaging apps for business purposes.


Option 3: Use a Unified Communications or Collaboration Tool


Enterprises often use unified communications tools such as Skype/Lync or Cisco Jabber. An obvious step would be to use such a tool as a WhatsApp alternative and GDPR-compliant messaging app. Unfortunately, unified communications tools do not meet the necessary functional requirements for a messaging app. In particular, key business features such as group communication and sharing of digital content are very weak in unified communications tools compared to modern messaging apps. Practical experience reflects that: If unified communications tools were as good as WhatsApp in the first place, employees would use these tools now instead of WhatsApp as part of shadow IT.


The same goes for collaboration tools like Microsoft Teams or Slack. Their focus is on static, project-related work, which does not cover many business use cases, especially in today’s “mobile” and dynamic working world. These tools also lack important features of messaging apps, and most importantly a simple and intuitive user experience like WhatsApp’s. In addition, many of these tools are cloud solutions from abroad, which raises questions with regard to comprehensive data protection and GDPR compliance.


As such, unified communications and collaboration tools are a potential option, but not really a WhatsApp alternative for enterprises.


Option 4: Deploy a GDPR-Compliant Enterprise Messaging App


More and more businesses are deploying a GDPR-compliant enterprise messaging app like Teamwire as an alternative to WhatsApp. This is an option to clearly separate business and private communications and to meet all data protection requirements and the GDPR. In addition, GDPR-compliant enterprise messaging apps boost productivity like WhatsApp and cover a wide range of business use cases.


GDPR-compliant enterprise messaging apps process data only in accordance with data protection laws and based on pre-defined purposes. Vendors of GDPR-compliant enterprise messaging apps take comprehensive measures to protect personal data. Such messaging apps are based on a “privacy by design” concept. That means, for example, that they do not analyze metadata to create user profiles and do not store private address books. In order to protect the data, GDPR-compliant enterprise messaging apps use strong encryption during transport and storage on the devices and servers. With such a messaging app, enterprises can control all data centrally and protect it with policies company-wide. Furthermore, GDPR-compliant enterprise messaging apps have their data centers within the EU and ideally in the country of the company’s headquarters.


(Note: All requirements for a GDPR-compliant enterprise messaging app are listed in this checklist.)


Enterprise messaging apps have a user experience like WhatsApp and a familiar, intuitive user interface. The transition from WhatsApp to the enterprise messaging app is therefore easy for employees and leads to quick acceptance.


Enterprise messaging apps provide rich functionality in terms of group communication and sharing of digital content. Examples include large group chats, professional chat administration, broadcasting, read receipts, and surveys (e.g. like Doodle). The leading messaging apps also provide APIs for integrations into the enterprise’s IT ecosystem. Such integrations and chatbots are becoming increasingly important for digitization and IoT: Workflows can be simplified and accelerated, and some processes can be completely automated.


(Note: We recommend our blog article on leading enterprise messaging apps that can be helpful in selecting a suitable WhatsApp alternative.)


These are all very important topics for an enterprise’s security and productivity, but they are also just the beginning: Enterprise messaging is a relatively young market and there will be plenty of innovation in the coming years.


Conclusion and Individual Solutions


There are some good solutions for the WhatsApp problem. Depending on the requirements of an enterprise, the individual options can also be combined (examples are options 1+4, 2+4 or even 3+4). If you are considering a WhatsApp ban and are looking for a GDPR-compliant enterprise messaging app, please contact us for more information about Teamwire.