Due to the potentially high fines of the GDPR and related financial risks, many businesses are not willing to tolerate WhatsApp as part of the shadow IT anymore and as an alternative look for a secure enterprise messaging app that is compliant with the GDPR.
(=> NOTE: To understand the upcoming GDPR law and the related WhatsApp problem in detail, please read this blog post.)
We regularly get asked what requirements a secure enterprise messaging app needs to meet and what businesses need to take care of in order to be GDPR compliant. In addition to the blog post on the required features for an enterprise messaging app for GDPR compliance, we now publish a short checklist with the most important questions to quickly identify if a business is going to be in conformity with the GDPR by deploying a secure enterprise messaging app.
GDPR Checklist for Secure Enterprise Messaging:
1. The enterprise messaging app does NOT store the device address book of the user? Ok
2. The enterprise messaging app does NOT store data outside the European Union? Ok
3. Bonus: The enterprise messaging app stores data only in the country of the enterprise? Ok
4. The enterprise messaging app does NOT use or store data unless it is required to provide the messaging service (principle of data economy and data reduction)? Ok
5. The enterprise messaging app does pseudonymize and encrypt personal data as far as possible? Ok
6. The enterprise messaging app does NOT analyze meta data, does NOT generate user profiles or does NOT analyze the messaging communication and content? Ok
7. The enterprise messaging app provides comprehensive configurations and policies to protect data? Ok
8. The enterprise messaging app allows to delete users and all related personal data? Ok
9. The enterprise messaging app provides full access controls for integrations, chat bots and other uses of APIs? Ok
11. The enterprise messaging app guarantees an order data processing in compliance with the GDPR? Ok
12. The enterprise messaging app has a messaging archive that is fully searchable (with access by authorized persons only)? Ok
13. The enterprise messaging app has audit logs and ensures record keeping requirements? Ok
14. The enterprise messaging app has appointed a data protection officer? Ok
15. WhatsApp is NOT used for communication in the enterprise? Ok
16. WhatsApp is NOT allowed to access the device address book of a user (in case the user has stored business contacts there)? Ok
Please contact us, if you have questions regarding this GDPR checklist for a secure enterprise messaging app or want to understand in detail, how Teamwire ensures strong data protection, security and compliance and fully meets the requirements of the GDPR.