In light of the €15.9m fine issued by the European Commission to International Flavors & Fragrances Inc and International Flavors & Fragrances France SAS (IFF), it is worth examining the extent to which WhatsApp is used in business today and the risks involved.
Taking a step back to 2020 and the onset of the Covid-19 Pandemic, the lines between employee’s work and private lives certainly became blurred. The use of personal devices and consumer tools like WhatsApp at work became commonplace – and, in many cases, necessary. In addition, tools that are widely used by consumers often find their way over to the business arena – be it by stealth or by design – and such is the ubiquity of WhatsApp that there is an element of inevitability that employees would replicate their personal use of WhatsApp in a work situation. That is not to say however that the use of WhatsApp for business does not come with significant risks.
Using WhatsApp for Internal communications is one danger area, but the area we want to focus on today is the use of WhatsApp to communicate with customers and the dangers it poses. Before we look at the risks involved, it should be pointed out that WhatsApp does come with a number of benefits and we will examine them below.
Advantages of WhatsApp for Customer Communication
- Convenience – WhatsApp is convenient for business and customers alike. It is a messaging tool that everyone can use and, in 99% of cases, everyone is familiar with. There is no need to download any new software or undergo any training and, on the face of it, customer communications and onboarding can be conducted in a seamless manner.
- WhatsApp Business Additional Features – WhatsApp Business was launched in 2018 and comes with a number of features which can help companies manage the risk involved. Features include:
- Automated responses
- Message templates
- Labels
- WhatsApp Security Credentials – WhatsApp does boast end-to-end encryption and is built in a GDPR compliant manner.
- WhatsApp API – The availability of the WhatsApp API for WhatsApp business customers enables businesses to integrate WhatsApp with their existing systems providing added convenience and flexibility around enterprise workflows.
Risks of WhatsApp for Customer Communication and Onboarding
- Security Risks – In spite of WhatsApp’s impressive encryption capabilities, there are still some risks associated with the use of WhatsApp in a business situation that you should consider. With close to 3 billion estimated users, WhatsApp is a very large playground for hackers, scammers, and bad actors. Nefarious tactics such as social engineering, forwarding calls, web hacking, and spyware are all regularly deployed, increasing the potential risk involved in WhatsApp business usage.
- Compliance – According to their website, WhatsApp for Business is GDPR-compliant based on its intended purpose. There are however many ways companies can still fall foul of GDPR regulations by using or misusing WhatsApp for Business to communicate with customers. For instance, storing and archiving customer conversations which contain personal data and sensitive items can be challenging. There are no auto-purge features to ensure data isn’t stored beyond its intended date, nor are there audit logs or archiving which are essential to meeting GDPR compliance obligations.
- Scalability – Scalability is another issue that can lead to potential compliance risks. If your company is using WhatsApp to collect documents and sensitive personal data during the customer onboarding phase, you need to consider how this process will scale. If you’re not careful the end result will be a situation where customer data is stored all over the place in a maze of customer WhatsApp communications. At this point, how will your company go about auditing customer data, or even locate this data in the case of a Data Subject Access Request.
Protect Your Company
Having weighed up the pros and the cons of using WhatsApp for customer communications, it is clear that very real security and compliance risks exist. The size of potential fines for regulatory failures is enormous, while security breaches can be extremely costly both in terms of company reputation and the loss of revenue.
PlanetVerify provides an alternative channel for customer communications that is highly secure, GDPR compliant, and provides companies with a way to communicate with customers in an on-brand manner. Our platform is highly flexible and our API-driven approach helps companies to implement bespoke customer onboarding and KYC workflows needed to meet the needs of the modern customer.
If you are putting your company at risk by using WhatsApp for business communication, please reach out to PlanetVerify today to secure your customer onboarding process.