GDPR-compliant use of WhatsApp not possible
Even if some companies allow the use of WhatsApp on company cell phones or for exchanging information on business topics – WhatsApp cannot be used in companies in a GDPR-compliant manner.
The reasons for this are diverse. One of the most obvious reasons is that the instant messaging service automatically sends the contacts in address books to its server and stores them. However, there is no legal basis for making this contact information available to WhatsApp. As a rule, there is no documented consent.
Even if consent was given, the company with WhatsApp would still violate fundamental provisions of the GDPR. The instant messaging service also collects location data. There is no legal basis for this either. The risk here is particularly high, since a movement profile can easily be created using the location data.