WhatsApp on a company phone: Why is it a big no-no?

What if WhatsApp is an integral part of your communication strategy? It turns out that using WhatsApp on a company phone for internal communications has serious downsides. Using personal messaging apps inside your company can lead to massive data breaches, internal compliance issues, and even lawsuits against you as a company or its employees.
Whatsapp-Business-Smartphone-Professionnel
Whatsapp-Business-Smartphone-Professionnel
Table of contents

GDPR and WhatsApp: What you need to know

As a business owner, you might have heard about or used WhatsApp on a company phone. It is one of the most popular messaging apps around the globe and has a huge number of users.

Companies have now gone through some changes that affect their privacy policy. In European Union countries for example, the GDPR (General Data Protection Regulation) regulates how personal data can be processed by companies since 2018.

WhatsApp transfers data to Meta/Facebook

In January 2021, WhatsApp updated its terms of service and privacy policy to introduce a new feature that will share user data with Facebook—even if users do not have an account for Facebook. This change was initially planned for February 8th but was postponed for three months due to feedback from users about this policy update.

WhatsApp privacy policy after 2021

The biggest concern about WhatsApp’s new privacy policy is that it shares personal data such as phone numbers and account activity with Facebook. According to the GDPR WhatsApp rules:

Whatsapp-Business-Smartphone-Professionnel
  • The personal data you provide must be gathered for specific purposes, and it must not be used in a way that is incompatible with those purposes.
  • Further processing for archiving purposes in the public interest, scientific or historical research or statistical purposes shall not be considered incompatible with the initial purposes.
  • However, the processing of personal data from business contacts (and the data transfer to Facebook servers is a process in this sense) needs written consent from all contacts listed in the address book of the business cell phone.

WhatsApp on a company phone: MDM software vs. container apps

Thankfully, there is a solution: company and private data can be kept separate on company phones. This can be achieved by a container app or an MDM software.

There is a big difference between container apps and MDM software, and it’s important that you understand the difference to choose the best option for your business.

MDM software

Mobile Device Management software serves as the simplest way to set up a Bring-Your-Own-Device (BYOD) policy in companies. Mobile Device Management (MDM) software, such as AirWatch, Microsoft Intune, or MobileIron, allows employees to install their applications on a mobile device without any restrictions. It’s a good idea to ensure that BYOD legal aspects are covered.

It allows employees to use the same phone for business and personal purposes. It does this by creating two separate workspaces on the device, one for business and the other for private use. This may be similar to what container apps do, but MDM software also gives other benefits such as allowing remote access to install security apps and updates, or even wipe the device if it’s lost or stolen.

Container apps

Using WhatsApp on a company phone? Let’s chat about container apps. A container app is a technology that holds an application along with its configuration files, preferences, and information within a defined space on a device.

As containerization is a standard feature of MDM softwares, it is usually advisable to opt for an MDM solution. MDMs offer numerous additional functions in comparison with a mere container app.

Due to data protection problems with WhatsApp, WhatsApp is forbidden on a service cell phone. Let’s take a look at why that is.

WhatsApp and mobile malware

The first and most obvious reason you shouldn’t use WhatsApp on a company phone is that it’s meant for personal use. It was never built with companies and their data privacy needs in mind. It was created to allow friends, family, and loved ones to share personal messages, photos, videos, audio clips, and other information.

Why is this a problem? WhatsApp isn’t particularly secure—and just using it on your company phone could open the door to all kinds of malicious activities and problems unless you have other security measures and virus protection on the phones.

Have you ever been sent one of these chain messages, that your kids may warn you about? They usually come with a fake link to a fake app store. WhatsApp is thus susceptible to many of the same vulnerabilities that plague regular text messaging as an enterprise solution for messaging apps.

WhatsApp discourages business use of its app

The WhatsApp company, which Facebook (now known as Meta) bought in 2014, has strict rules about how its users should use the app. The company is clear that your employer may not approve the use of its app on company-issued devices and advises that you should not install the app if this is the case.

It would violate your company’s security policy and put it at risk for a data breach. In addition to these specific warnings about using WhatsApp on a company phone, there are several other reasons why employers might discourage their employees from doing so.

Whatsapp is not GDPR-compliant

You might already know the General Data Protection Regulation (GDPR) rules. But here’s a quick refresher. The GDPR is an EU regulation that protects the personal data of all citizens, whether it’s collected inside or outside of Europe.

The regulation applies to any organization that deals with such data, regardless of its location or business type. As per Article 4(1) and Recital 26 of the GDPR, “personal data” means any information relating to an identified or identifiable natural person.

This information can include the name, email address, phone number, identification numbers, cookies, etc. It can even be physical characteristics like your height and weight.

If you possess ANY data related to a European citizen (or anyone else), you must comply with the GDPR. As per Article 5(1)(b), you shall process personal data to ensure appropriate security. This process means that you must keep all personal data secure – not sharing it with unauthorized parties.

Final thoughts

WhatsApp on a company phone is not a good choice for business communications. If you are a business and you use WhatsApp, it behooves you to be aware of the risks above and take steps to mitigate them.

It isn’t easy, but possible – even if you don’t have access to cloud backups or the ability to control your device remotely. The first step is to educate your employees about these issues to make smart decisions with their work devices and data.

Free download

Private mobile devices on the job–is the data secure? Find out in our free BYOD white paper. 

 

Everphone

Related articles

11988
security smartphone

Why phone security is a top priority today

11988
security smartphone

Why phone security is a top priority today

11301
data separation company phone

Data separation on company phones—why do you need it?

11224

MDM software: What to do before a company phone is stolen

12416

Virus protection for company phones

11329
employee benefit

Employee benefits: does a company phone help?

Stay informed

Our newsletter will deliver the latest info on mobile work and mobile devices to your inbox. Subscribe here and we’ll keep you posted. You can also follow us on our social channels for more Everphone insights and updates.

Blog categories

Mobile work

Data security

Employer branding

Technology

Business phone plans

Sustainability

Whitepaper

Gain expert knowledge from our whitepapers

Read up on mobile device topics from different perspectives. Learn what device management means for IT, Procurement, or People & Culture.

Whitepaper: Mobile devices and HIPAA compliance

Whitepaper: Company phones as benefits

Report: Mobile device sustainability