Data protection and using WhatsApp
I work for a mental health charity. My staff are now working from home. Can you give me any guidance on what I should be advising? Also is it safe for staff to communicate with clients via WhatsApp?
Assign topic to the user
Your Charity should implement a data protection policy to tell staff how to deal with data.
Consider that (mental) health data that you probably handle is a particular category of data that is under article 9 GDPR (also known as sensitive data). These data need to be processed under the consent of data subject and require additional precaution for their security because the risk for freedom and right of individuals is high.
In these tragic circumstances, due to the COVID-19 pandemic, each Data Protection Authority is giving some advice to organizations working from home, so firstly you should check the website of your Data Protection Authority.
Here you can find some useful links to Data Protection Authorities website: https://advisera.com/eugdpracademy/knowledgebase/useful-links/
In general, you should try to keep separate charity data from personal data belonging to your staff. In case of emergency, maybe your staff is working from home with their own device. Therefore, ask them to avoid leaving their device accessible to their family members, to make a separate account on Windows for work tasks and to avoid to save data on their hard disk. They should also implement security measures, like antivirus, antispam and antimalware and two factors authentication methods.
WhatsApp allows encryption end to end, and if the mobile phone is used with fingerprint authentication can be a way to communicate with clients.
You should always make aware clients that they are communicating with staff using their own device and through WhatsApp and offer different methods in case they don’t feel confident about it (i.e. email or telephone).
You can find some useful information here:
You can also learn more about GDPR with our online free EU GDPR Foundation Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Apr 02, 2020