NOTICE FOR AUTONOMICS AND COMPANIES IN CASE OF USING WhatsApp
With the entry into force of the EU General Data Protection Regulation on May 24, 2016 and being directly applicable on May 25, 2018, the regulatory framework also changes, which establishes that consent must be “free, specific and informed".
On March 15, 2018, the Spanish Agency for Data Protection has issued a resolution in the sanction procedure initiated to the WhatsApp and Facebook companies. The AEPD has declared the existence of two serious violations of the Data Protection Law, one communicating data without having obtained the explicit consent of the user and the other treating this data for other purposes without the consent.
The RGPDUE 2016/679 provides that the Data Controllers will apply the technical and organizational measures necessary to guarantee and demonstrate that the processing of personal data is in accordance with current legislation, and that the non-application of these measures is punishable.
This fact marks a before and after the use of WhatsApp within the corporate scope. Companies that use the application with their clients can be fined, since the AEPD sanction establishes that it is an unsafe tool. The situation that the RGPDUE poses to the legal entity is that the company has the responsibility in the management of the data and its treatments, giving it the maximum responsibility.