If you want to use WhatsApp for student recruitment, learn more about that in WhatsApp Business App tailored to universities. Today we will be discussing 10 GDPR points for universities to comply with while using WhatsApp.
The post and some other research were also the basis for a workshop held last week at #SPacademy, where I got many questions on GDPR. Therefore, this blog post is to help schools and universities be in-line with GDPR while using WhatsApp.
1. Prospective students contact you in any way that is not WhatsApp
If the prospective students contact you on a fair, via an email, through your contact form on your website, with a call, from an agent, Skype etc. – basically everything but via WhatsApp, then you are not allowed to reach out to them through WhatsApp unless you have an explicit opt-in (e.g. via a checkbox or a non-required field in the form as in the screenshot above – from a test though). Based on Article 6.1 and 7.2 GDPR
2. Prospective students contact you via WhatsApp
If the students contact you directly through WhatsApp (e.g. with a form or a direct link), their action is a sign of “a clear affirmative action” (Article 4.11) to have the data being processed by you.
3. Reaching prospects whose details you got from another party
If you want to reach to students whose details you got from another party – simply do not reach out to them on WhatsApp, unless they have given consent to this to the other party, which I doubt at this point. If they have given you their mobile number without an explicit WhatsApp consent, you can write them one message on WhatsApp telling them that they can reach you also on WhatsApp for questions regarding studying at your institution and that you will delete their contact details on WhatsApp after this message (based on Article 6..1 f). A response from them automatically starts a new conversation and is a sign of clear confirmative action.
4. Storing data on WhatsApp
Where WhatsApp is storing the (encrypted) data is an issue for WhatsApp, not for the education institution and WhatsApp is working on adhering to the law.
5. Storing personal information on your phone
Still, you are storing the personal information at least on your phone, maybe also the contact details on GooglE. Your obligation is to inform the students about the data stored, especially about the following points:
- The person responsible for the data protection at your institution
- The purpose of the storing of the information
- Its legal basis
- How long you store it for
- The rights to have it deleted and to complain to the authorities
6. Example declaration text for the greeting message available in WhatsApp Business
We have put together an example declaration text for the greeting message available in WhatApp Business App. If you set it up accordingly the student will receive the following text automatically at the beginning of your WhatsApp conversation. Feel free to use/modify it to your needs/your interpretation of the law (but beware of the character limit).
“Thank you for your interest. To comply with the EU law on data protection, we happily tell you that we store your information/this conversation together with your phone number to answer questions you have about our university. We can only do this because you have given us consent in a form or by reaching out first. We will keep this information until we haven’t heard from you for 1 year or until you want us to delete it. For any further questions on storing this information, you can reach John Doe at john.doe@princes-education.com. In case of a complaint, there is an authority for this.”
7. The text omits some points consciously
- If any of the data collected is necessary for the collaboration – This is left out, because the nature of WhatsApp indicates storage of data for non-legal information. If you use it for students to send and receive application documents or similar important information, you should mention this point.
- WhatsApp allows you to see when a person was last online or is typing something at this moment – left out, as it is not really stored, but can be overwritten at any time by the student. The same logic is applied relating to the profile picture. As the student voluntarily uses WhatsApp in the conversation with you and your institution, all WhatsApp features become visible to the institution and all can be changed by the student at any time.
- There is a conscious trade-off made to provide clear or concise information to the student and how unaware is the student of the information being shared with the institution; especially as some functions in WhatsApp have character limits, which ensure this initial declaration is received timely and by all your WhatsApp contacts (i.e. with the “Greeting message” function)
8. After you have informed the prospects about their rights, you can start contacting them
9. Your prospects joining a group
If you want them to join a group, you are not allowed to simply add them to a group. You can invite them with a group invitation link and at some point, there might be a feature, where other group members do not see each other’s details, but for now, this feature is not live.
10. Deleting your prospects’ data
If you write to delete their data at a certain point, you also need to put a process in place. Luckily, WhatsApp sorts the conversations by recency. You can easily find who you haven’t spoken with for a year and then delete their contact details as well as the chats. But someone needs to have this in their job description.
These 10 GDPR points for universities to comply with while using WhatsApp are recommendations based on the interpretation of the law. I would love to hear in the comments where this interpretation of the law differs from yours. Tell me how much you like or dislike it and anything else that comes to your mind on this topic.
Thanks for taking the time to read our blog post on 10 GDPR points for universities to comply with while using WhatsApp. At faethe.marketing we have been helping schools to increase student enrollments since 2010. If you are looking to recruit the best matching students for your programmes with minimal cost and effort, feel free to reach out to us.