The DropBox and WhatsApp Dilemma


So first off, I have a confession to make: I stole the title of this post from someone else! 

The companies were called Dracoon and NetSphere and they did a joint presentation which I saw at this year’s Infosecurity Europe conference. The former developed a file sharing app and the latter an instant messenger, both of which are fully GDPR certified.

Amongst all the presentations, theirs was one that seemed to me to strike at the heart of a real-world problem that most of us can relate to, but the specifics of which might not be obvious to all — though one of our charity clients raised some related concerns in a recent meeting. 

That concern was around how, when communicating with young people using a forum like WhatsApp, you can control not only the content of the messages – to prevent abuse or inappropriate language perhaps – but also protect the personal details – i.e. the phone number – of the group members. Who has the responsibility to police the conversations and the material shared? How do you do that? Where exactly is that data stored for GDPR purposes?

The problem of using third-party, and often free, tools like WhatsApp (to have conversations) and DropBox (to share files) in a GDPR-regulated world is not trivial. The paid-for versions are less of a problem, because you get some additional security through the SLA but also through some form of centralized management. But the convenience of free messaging and file transfer services is simply, in many cases, too tempting to pass up.

Now, this isn’t a sales pitch for any specific alternative products, but it is worth just briefly explaining their thinking. The problem they are addressing is how to use messenger and file sharing applications securely, keeping it within your managed environment and under your control. Since email is now considered pretty old fashioned and an overly formal way of communicating, and instant messaging is so prevalent and easy to use, the question of how to control what’s stored there is an increasingly important one in order to prevent your data leaking out all over the place.

What’s the problem?

Take file sharing. You need to transfer a file to someone outside your organisation but it’s too big to email. Without thinking, you upload it to your personal DropBox, or maybe WeShare, and send it on. What do you do next? Do you delete that file from your personal DropBox account? Probably not. Do you stop sharing that folder with the person after they get it? Again, maybe not. Have you shredded only that file or folder? Are you sure?

So you have a GDPR problem; you don’t know where all your company data is anymore, nor who it’s shared with.

The problem from a compliance point of view is simple: if you are not in control of your data, including files and personally identifiable information, you may have a breach.

What’s the Solution?

Now here’s where I pitch using Office 365, right? Well, sort of. In fact, it doesn’t actually matter what you use, as long as you are in control of it. 

Yes, we use Office 365, and so do all our clients. Do they also use DropBox and WhatsApp? I’d be surprised if every single one of our supported users didn’t use at least one of these two things.

We only use our Office 365 account for all file access and storage, plus a limited selection of tools on our office server (no data though). We communicate almost exclusively through the Teams mobile app, again all kept within the Office 365 environment, though we also use Signal, a great – and highly secure – alternative to WhatsApp for more social messaging. 

If we need to share a document with anyone, we set a time limit on the access, and set Read Only to prevent the person from editing it. We have separate controls on sending emails to external recipients that alert us if someone has sent anything that matches certain data formats, such as a bank account sort code or account number, national insurance number, or other identifiable data, so we know if someone has sent anything outside our organisation that they perhaps should not have done.
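The outbound email alerting described above can be sketched as follows. This is an added example, not the author's Office 365 configuration: `ORG_DOMAIN`, the function names, the rule of only counting an 8-digit number when a sort code is also present, and the sample message are all assumptions constructed for illustration.

```python
import re

ORG_DOMAIN = "example.org"  # assumption: the organisation's own mail domain

# Sort code NN-NN-NN; lookarounds stop it matching inside longer digit runs.
SORT_CODE = re.compile(r"(?<![\d-])\d{2}-\d{2}-\d{2}(?![\d-])")
ACCOUNT_NO = re.compile(r"(?<![\d-])\d{8}(?![\d-])")
# National insurance number: two letters, six digits, suffix A-D.
NINO = re.compile(r"\b([A-Z]{2})\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b", re.I)
UNUSED_PREFIXES = {"BG", "GB", "KN", "NK", "NT", "TN", "ZZ"}


def mask(value):
    """Keep only the last two characters so the alert does not leak the data."""
    compact = re.sub(r"[\s-]", "", value)
    return "*" * (len(compact) - 2) + compact[-2:]


def valid_nino_prefix(prefix):
    """Reject prefixes that are never issued, to cut false positives."""
    p = prefix.upper()
    return p[0] not in "DFIQUV" and p[1] not in "DFIOQUV" and p not in UNUSED_PREFIXES


def scan_outbound(recipients, body):
    """Return [(kind, masked_value)] for a message leaving the organisation."""
    external = [r for r in recipients if not r.lower().endswith("@" + ORG_DOMAIN)]
    if not external:
        return []  # internal-only mail is out of scope for this alert
    findings = [("sort_code", mask(m.group())) for m in SORT_CODE.finditer(body)]
    # A bare 8-digit number is too common to alert on alone; count it as an
    # account number only when a sort code appears in the same message.
    if findings:
        findings += [("account_number", mask(m.group()))
                     for m in ACCOUNT_NO.finditer(body)]
    for m in NINO.finditer(body):
        if valid_nino_prefix(m.group(1)):
            findings.append(("nino", mask(m.group())))
    return findings


# Constructed sample message, not real data.
SAMPLE = "Please pay into 20-00-00 account 12345678. My NI number is AB 12 34 56 C."
```

The sort code pattern also matches dates written as `20-06-19`, so a real rule would normally require a nearby keyword or a second matching item before alerting.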

Can you force people to use your tools?

This is difficult. It’s hard to force people not to use WhatsApp on their phones. If you provide staff with company mobiles you can manage them with things like Intune to restrict what applications they can install on them, but not their personal devices.

You can prevent people from installing DropBox on their company PCs quite easily, by restricting admin rights. You can also use basic web filtering to stop them from accessing third-party file sharing sites on their PC or on personal devices on your network. But unless you want to get very draconian about it, totally restricting all these things might be more trouble than it’s worth, and there is always going to be the odd exception to the rule.

What you can do is provide the tools to everyone that they should be using and make it clear that they shouldn’t be using anything else. If you have written policies that govern this—and you should—then you should make everyone sign up to your code of practice. That way you can at least prove that you have taken reasonable steps. If someone breaches those rules you can prove that you did make it clear that they shouldn’t have used anything else, and the fault is on the user; though as the employer you might not totally escape liability.

As always, user education and awareness are key. Give people the tools they need to do their job and make it clear why they are there and what the implications are for going outside that.

If you’re interested in learning more, give us a call. We’re always happy to chat.
