The B2B digital solutions specialist
Building a strong audience is understandably a key concern for anyone running a new WhatsApp channel, but rather than simply focusing on numbers, it’s important to make sure activity is on the right side of the law too.
GDPR (General Data Protection Regulation) has become an acronym all marketers have become familiar with since its launch in 2016 to protect the use of personal data – and while it’s mainly known in relation to email, it’s relevant for business WhatsApp messaging too.
Put simply, keeping within GDPR guidelines is crucial, as sending unsolicited WhatsApp messages is a breach of rules and can incur a warning or a fine if neglected.
WhatsApp usage comes with various GPDR risks if not correctly managed. Three of the most common are:
Sending customers messages without the correct permissions in place
Just like with email, businesses need the correct permissions to send marketing collateral by WhatsApp, so checking what your audience has agreed to be sent is an important first step.
Depending on your terms, customers may have simply agreed to email marketing, whereas there are other examples of permission for general marketing activity, which covers WhatsApp. For this reason, it’s best to err on the side of caution to your customers and get explicit permission to send WhatsApp messages to them rather than assume it’ll be ok.
Therefore, when setting up a business WhatsApp channel on ProConnect, we advise that the first message should outline the sort of content you’ll be sending from your channel and ask people to confirm they’re happy to receive messages from you. Including a clear way to opt out of receiving messages – just like with email – is advisable in each message you send.
A responsible WhatsApp service provider will offer guidance on keeping on the right side of GDPR and opt-out policy, but it’s important to run through the process before agreeing to launch a new channel.
Employees messaging customers from their personal phones
WhatsApp usage is already rife within companies, although usually in unofficial ways. Most commonly, employees are messaging customers from their personal phones and while this may be about work-related updates, this is still potentially a breach of GDPR.
Unless numbers have been provided to an individual by a customer, if an employee has accessed a database of numbers to obtain the contact details, this is a GDPR breach. If that number has been added to a group that shares marketing messages sent by an individual, that will also break data usage rules without express permission to do so.
We’d recommend that all WhatsApp messaging should be either sent through official business accounts or by employees with business phones, with personal WhatsApp usage for business updates banned completely.
Customer groups displaying members’ names and numbers
Using free WhatsApp groups to communicate with your customers is full of risk for businesses, with open messaging for each member and a lack of scalability fundamental issues.
But the biggest risk of using the group functionality is that everybody in the group can access each other’s phone numbers and names – meaning every customer added to the group is having their personal data shared publicly.
It goes without saying that openly listing the phone numbers and names of your customers is a huge no-no and can land businesses in hot water.
Paid-for platforms that use the WhatsApp Business API ensure data privacy, meaning messages can be sent on scale to customers in a secure setting – creating a series of one-on-one communications rather than leaving them open for all.
Don’t forget – Even if you get your WhatsApp permissions and usage correct, it’s crucial to ensure your WhatsApp service provider is able to delete customer data within 30 days if requested – it’s a key part of staying compliant with GDPR.
Offices 13 B & C, Innovation Centre, Warwick CV34 6UW, UK
Email: hello@b2b.store • Tel: +44 (0)1926 298867
© 2025 B2B Store • Company No. 03956929
