NOTICE FOR AUTONOMICS AND COMPANIES IN CASE OF USING WhatsApp
With the entry into force of the General Data Protection Regulation of the EU on May 24, 2016 and being directly applicable on May 25, 2018, the regulatory framework also changes, which establishes that consent must be “free, specific and informed".
On March 15, 2018, the Spanish Agency for Data Protection issued a resolution in the sanctioning procedure initiated against the WhatsApp and Facebook companies. The AEPD has declared the existence of two serious infractions of the Data Protection Law, one communicating data without having obtained the explicit consent of the user and the other treating these data for other purposes without consent.
The RGPDUE 2016/679 provides that the Data Controllers will apply the technical and organizational measures necessary to guarantee and demonstrate that the processing of personal data is in accordance with current legislation, and that the non-application of these measures is punishable.
This fact marks a before and after the use of WhatsApp within the corporate sphere. Companies that use the application with their clients can be fined, since the sanction of the AEPD establishes that it is an insecure tool. The situation that the RGPDUE raises to the legal person is that the company has the responsibility for the management of the data and its processing, granting it maximum responsibility.