29 May 2017
Compliant Enterprise Messaging for the General Data Protection Regulation
Recently we wrote a blog post on the European General Data Protection Regulation (GDPR) and the WhatsApp problem of enterprises. On the one hand we highlighted the demanding data protection requirements for enterprises and the heavy fines under the GDPR. On the other hand we described why WhatsApp is not compliant with the GDPR and why the use of WhatsApp for business purposes is a critical issue under the GDPR. As a consequence, businesses should deploy a secure enterprise messaging app before the GDPR comes into effect, in order to ensure strong data protection and compliance with the GDPR. Today we want to look at the features a secure enterprise messaging app (such as Teamwire) needs in order to fully meet the requirements of the GDPR:
No Address Book Storage
An enterprise messaging app should not store the address book of a user. If access to the address book is required, then the email addresses or phone numbers should be converted, before any synchronization, into one-way encrypted values (e.g. SHA-256 hashes) that cannot be converted back. These converted values should be used to synchronize and show potential contacts. It is important that these pseudonymized values are deleted from the servers of the enterprise messaging app immediately after the synchronization.
Minimization and Pseudonymisation of Personal Data
Personal data of users should ideally not be used and not be stored (principle of data minimization). If personal data is necessary to provide the messaging service, then it should be pseudonymized and encrypted as far as possible in order to meet the GDPR. The enterprise messaging app should transform the data with strong cryptographic algorithms in such a way that the resulting data cannot be attributed to a specific user without the use of additional information.
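The address book synchronization described above, as an added example that is not Teamwire's own code: the client hashes each normalized identifier with SHA-256, only the hashes are sent to a hypothetical contact-discovery endpoint (SyncServer), and the endpoint discards the uploaded hashes as soon as matching is done. The registered users are constructed sample data.

```python
import hashlib
import re

# Constructed sample data: identifiers of registered users (server side).
REGISTERED_USERS = {"alice": "+4915112345678", "bob": "bob@example.com"}


def normalize(identifier: str) -> str:
    """Canonicalise an email or phone number so client and server hash the same string."""
    value = identifier.strip().lower()
    if "@" in value:
        return value
    digits = re.sub(r"[^\d+]", "", value)
    if digits.startswith("00"):          # international prefix -> E.164 style
        digits = "+" + digits[2:]
    return digits


def pseudonymize(identifier: str) -> str:
    """One-way SHA-256 of the normalized identifier; only this value leaves the device."""
    return hashlib.sha256(normalize(identifier).encode("utf-8")).hexdigest()


class SyncServer:
    """Hypothetical contact-discovery endpoint that keeps only hashes of its own users."""

    def __init__(self, users):
        self.index = {pseudonymize(ident): name for name, ident in users.items()}
        self._buffer = []   # uploaded hashes live here only for the duration of a sync

    def handle_sync(self, hashed_contacts):
        self._buffer = list(hashed_contacts)
        matches = sorted(self.index[h] for h in self._buffer if h in self.index)
        # Uploaded hashes are pseudonymous, not anonymous (phone numbers are an
        # enumerable space), so they are dropped as soon as matching is done.
        self._buffer.clear()
        return matches

    def retained_hashes(self) -> int:
        return len(self._buffer)


def sync_contacts(address_book, server):
    """Client side: hash locally, never send raw emails or phone numbers."""
    return server.handle_sync([pseudonymize(entry) for entry in address_book])
```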
No Collection or Analysis of Messaging Metadata
The metadata of the messaging communication could be used to generate user profiles and give insights into user behavior. In general there should be no unnecessary collection or analysis of metadata by the enterprise messaging app. Therefore metadata should not be stored unless it is required for specific features of the enterprise messaging app (e.g. multi-device synchronization, message archiving).
Private Messaging by Design
The GDPR requires that the enterprise messaging app complies with the privacy by design principle. The enterprise messaging app should have been designed right from the start with the inclusion of strong data protection. The app should have been made for messaging and sharing privately with business colleagues and teams, and should give full privacy and compliance control to the enterprise.
Data Loss Prevention
An enterprise messaging app should allow enterprises to configure policies to protect sensitive personal data and information on mobile devices, tablets and desktops, and prevent an accidental disclosure that could be in conflict with the GDPR.
Clear Consent on How Personal Data May Be Used
A business and its employees must give the enterprise messaging app a clear and affirmative consent to the processing of personal data.
Transparency of Personal Data Used
In order to be in compliance with the GDPR, the enterprise messaging app must provide detailed information on what personal data is used, why its use is required and what is done with the data. An enterprise must have complete transparency on the personal data used by the enterprise messaging app.
No Data Storage or Transfer Outside the European Union
The GDPR demands that the strong level of data protection is not undermined by transferring data outside the European Union (EU). Unless very strong guarantees are in place, data should not be transferred or stored outside the EU. The enterprise messaging app should fully operate in the EU and store and process all data in countries of the EU.
Secure Integrations and APIs
Integrations and APIs are potential leaks for personal data. Integrations and APIs could transfer data to other services, outside the EU or to other organizations, without the enterprise being informed or in control. An enterprise messaging app must have built all its APIs itself with a strong privacy concept in mind (e.g. no insecure third-party integrations should be deployed that might route personal data via cloud services in the USA). The integrations and APIs in use need to be transparent and under the full control of the enterprise.
Data Protection Officer for Compliant Processing
The provider of the enterprise messaging app must have appointed a data protection officer who is responsible for compliant processing of user data and ensures that the record keeping requirements of the GDPR are met.
Audit Logs for Internal Record Keeping Requirements
Audit logs are especially important for the record keeping requirements. The audit logs of an enterprise messaging app should give a chronological record of operations and need to keep track of all administrator activities as well as important user events.
An archive of the messaging communication of an enterprise is not only required for compliance and audit-proofing reasons, but is going to be important for the GDPR as well. If a business needs to find out where personal data has been exchanged, it might be necessary for the enterprise to search the messaging archive. An enterprise messaging app must provide a searchable archive that can only be accessed by selected data protection officers, in order to protect the personal data and comply with the GDPR.
Options for Complete Data Erasure
For the GDPR, the enterprise messaging app must on the one hand allow businesses to delete single users and all related personal data. On the other hand it must enable businesses to delete older data from the servers and, for example if an enterprise wants to terminate its account, to completely erase all data related to that enterprise from the servers.
Portability of Messaging Data
Businesses must be allowed to transfer their messaging data to other services. The enterprise messaging app should provide the communication data in a commonly used, machine-readable format upon request (e.g. XML, PDF).
Security Breach Monitoring
24/7 monitoring has always been important for enterprise messaging apps in order to ensure high service availability and protect against security breaches. With the GDPR the monitoring of security breaches becomes especially critical, because the enterprise messaging app needs to inform its customers and users of a breach without undue delay and within 72 hours.
If you have questions about these features, need to ensure that an enterprise messaging app is in compliance with the GDPR, or want to understand how Teamwire meets the data protection requirements of the GDPR, then please contact us.