Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Data protection and using WhatsApp

  Quote
Guest
Guest user Created:   Mar 31, 2020 Last commented:   Apr 02, 2020

Data protection and using WhatsApp

I work for a mental health charity. My staff are now working from home. Can you give me any guidance on what I should be advising? Also is it safe for staff to communicate with clients via WhatsApp?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Apr 02, 2020

Your Charity should implement a data protection policy to tell staff how to deal with data.

Consider that (mental) health data that you probably handle is a particular category of data that is under article 9 GDPR (also known as sensitive data). These data need to be processed under the consent of data subject and require additional precaution for their security because the risk for freedom and right of individuals is high.

In these tragic circumstances, due to the COVID-19 pandemic, each Data Protection Authority is giving some advice to organizations working from home, so firstly you should check the website of your Data Protection Authority.

Here you can find some useful links to Data Protection Authorities website: https://advisera.com/eugdpracademy/knowledgebase/useful-links/ 

In general, you should try to keep separate charity data from personal data belonging to your staff. In case of emergency, maybe your staff is working from home with their own device. Therefore, ask them to avoid leaving their device accessible to their family members, to make a separate account on Windows for work tasks and to avoid to save data on their hard disk. They should also implement security measures, like antivirus, antispam and antimalware and two factors authentication methods.

WhatsApp allows encryption end to end, and if the mobile phone is used with fingerprint authentication can be a way to communicate with clients.

You should always make aware clients that they are communicating with staff using their own device and through WhatsApp and offer different methods in case they don’t feel confident about it (i.e. email or telephone).

You can find some useful information here:

  • How cybersecurity solutions can help with GDPR compliance: https://advisera.com/eugdpracademy/blog/2017/11/27/how-cybersecurity-solutions-can-help-with-gdpr-compliance/
  • Free webinar – How to handle consents under GDPR: https://advisera.com/eugdpracademy/webinar/how-to-handle-consents-under-gdpr-free-webinar-on-demand/
  • Free webinar – Privacy Notices under the EU GDPR: https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/
  • You can also learn more about GDPR with our online free EU GDPR Foundation Course: https://advisera.com/training/eu-gdpr-foundations-course//

    Quote
    0 0

    Comment as guest or Sign in

    HTML tags are not allowed

    Mar 31, 2020

    Apr 02, 2020

    Suggested Topics

    Guest user Created:   Feb 23, 2023 EU GDPR
    Replies: 1
    0 0

    Data privacy question