WhatsApp in the workplace: Is it legally safe? Artwork

Clarkslegal Law Bites

The Clarkslegal Law Bites offers guidance and insightful discussions on the latest topics for businesses and individuals covering employment, immigration, corporate, construction, property, litigation and more.

All Episodes

Clarkslegal Law Bites

WhatsApp in the workplace: Is it legally safe?

June 16, 2025 • Clarkslegal

WhatsApp is a convenient and quick way to communicate with colleagues and clients, but is it legally safe to use in the workplace?

In this podcast, Lucy White and Monica Mastropasqua, members of the Data Protection team at Clarkslegal, will address frequently asked questions from clients regarding the use of WhatsApp at work.

Key topics include:

The difference between personal and professional boundaries when using WhatsApp
The fact that WhatsApp messages are not stored on company servers
The widespread use of WhatsApp on personal devices
Commonly overlooked issues related to data retention and GDPR compliance
Steps employers can take to mitigate risks

If your organisation needs help reviewing your GDPR policies and practices or employee training on data protection requirements, please contact our Data Protection Lawyers.

Lucy White 00:07

Hi everyone, I’m Lucy White, a Senior Employment and Data Protection Solicitor here at Clarkslegal. And today I’m joined my colleague Monica, a trainee within the employment department to discuss the use of WhatsApp in the workplace.

Monica Mastropasqua 00:22

Hi Lucy, thanks and hello to all our listeners. Today, we're tackling a topic that comes up time and time again with clients: the use of WhatsApp in the workplace. WhatsApp is a convenient and quick way to communicate with both colleagues and clients. But the question is: is it legally safe?

Lucy White 00:43

That’s right Monica. With nearly 40 million users in the UK alone, WhatsApp has become a go to tool, not just for chatting with friends and family, but also for planning team meetings, sharing files, and even handling sensitive work conversations. But while it’s incredibly user friendly, its usage raises unforeseen risks under the UK GDPR and broader employment law.

Monica Mastropasqua 01:10

Yes. In fact one of the biggest issues we see is the blurring of personal and professional boundaries. WhatsApp was never really designed for workplace communication, and it tends to encourage more informal conversation than would be used in emails. This informality can be great for building rapport in teams, but it also creates risks.

Especially when what starts as casual conversation crosses a line. Under the Equality Act, if a discriminatory or offensive comment is made in what’s seen as the “course of employment,” the employer and the employee can be liable. If the chat is predominantly used for work related communications, there’s a real risk of those informal chats becoming formal evidence, let’s say, in an Employment Tribunal.

Lucy White 02:05

That’s right. Another problem is oversight. Unlike emails or company-approved platforms, WhatsApp isn’t stored on company servers. Employers can’t easily monitor or retrieve messages, or prevent unauthorised sharing of sensitive data. That came into sharp focus with the NHS Lanarkshire Hospital case in 2023 where the hospital was reprimanded by the ICO after patient data, including sensitive medical information, was shared via WhatsApp. That’s a major breach of data protection obligations.

And then there’s the practical reality: most people use WhatsApp on their personal devices. If a phone is lost, stolen, or hacked, any sensitive company data on it is at risk.

Unlike with company-owned laptops or devices, employers don’t usually have mobile device management software in place for personal phones. That creates a massive blind spot from a GDPR perspective.

Monica Mastropasqua 03:12

Yes Lucy, in fact, Data Retention and GDPR Compliance are often overlooked. GDPR requires clear policies on how and when personal data is deleted. WhatsApp’s architecture makes that very hard to control.

Messages can be edited, deleted, or sent privately, with no reliable audit trail. For companies trying to show compliance, that’s a nightmare. Especially if the data sits in a grey zone between personal and professional use, so the employer cannot reasonably demand records of all the data.

Lucy White 03:53

So what can employers do? There are practical steps employers can take without banning WhatsApp outright which, let’s face it, is nearly impossible to enforce.

First, consider using a dedicated, business-grade platform. Tools like Microsoft Teams or Slack offer far better control, logging, and admin features, all while encouraging a collaborative culture.
Second, don’t ignore the issue. If you know WhatsApp is being used, address it in your policies. Lay out clear guidelines for appropriate use, what is and isn’t acceptable, and how personal devices should be handled.

And third provide training. Employees often don’t realise the legal implications of their messages, especially when it comes to data protection and discrimination laws.

Also think about technical solutions, like requiring encryption on devices, restricting work communications to company phones, or at the very least, securing explicit employee consent for using personal devices for work purposes.

Finally, importantly, document that consent. Keep a record of it. If you’re ever questioned about your GDPR compliance, that paper trail could be your saving grace.

Monica Mastropasqua 05:22

Thanks Lucy, I think those are really useful tips. Let’s walk through a few examples. First up: An employee, lets call him Ben, sends a photo of a whiteboard from a team meeting to a WhatsApp chat for his team. The team includes his current team, but also some former staff.

Lucy White 05:44

Ok, so it’s very likely that Ben has made a big mistake there. That whiteboard could easily contain other people’s personal data, and probably confidential company information or trade secrets. Not only is there a risk of that information being further shared if any of the group’s phones are lost or stolen, there is an immediate risk of the ex-employee. Unlike with company systems, where ex-employees will be removed by the company, on personal WhatsApp groups its up to the ex-employee to leave, or the admin to remove them.

Monica Mastropasqua 06:18

That’s right, Lucy. We recommend that if you are using WhatsApp groups for your work teams, you ensure that the manager of that team is also the admin of the group and that it is their responsibility to ensure that ex-employees are removed.

Lucy White 06:35

Thanks Monica. Let's have a think about another example.

Ben is messaging his colleague Sarah. They only usually message about work matters on WhatsApp. One day Ben sends Sarah a message making a joke about another colleague. Sarah doesn’t find it funny, and thinks its discriminatory and makes a complaint.

Monica Mastropasqua 06:59

So this is a great example of where the informality of WhatsApp can blur lines. Ben likely would never have sent that message via email. The first question an employer should ask is, was it in the course of employment? Ben might say that it was a message sent on his personal phone to a friend, not related to work. However, as Ben uses his phone for work purposes, and messages Sarah only for work purposes, it is likely that this would be considered in the course of employment.

Lucy White 07:34

That’s right Monica. Its always best to er on the side of caution in these areas, particularly where a complaint is raised because of the behaviour.

Monica Mastropasqua 07:43

Yes Lucy. And finally: An employee deletes a message thread after a dispute, thinking it’s gone for good.

Lucy White 07:53

That’s a nightmare for data retention and legal discovery. If there’s a Subject Access Request or an employment tribunal, those messages might be needed as evidence. But if they’re deleted, edited, or shared privately, it’s almost impossible to track. Its also very difficult generally for employers to search out this evidence without the employee’s assistance and consent.

Monica Mastropasqua 08:18

It’s clear that while WhatsApp can be a helpful communication tool, it needs to be used carefully in a workplace setting. Employers have to be proactive in balancing convenience with compliance.

Lucy White 08:33

Absolutely. So whether you're HR, in-house legal, or a business owner, now’s the time to review your policies, check your practices, and seek legal advice if needed. And as always, if you're unsure, we're here to help.

Monica Mastropasqua 08:48

Thanks for listening our podcast. And if you have a legal question, get in touch. Until next time, take care and stay compliant!