Welcome to #WeekendWisdom number 81. This week we’re going to talk about Smartphone Messages and GDPR.
This sounds data protectiony
This is a rare data protection post by me. I was reminded this week of a rare enough situation which most my clients don’t ever come across this before.
One of them received a subject access request from somebody whose personal data they were processing. Now the scope of this access request was the person wanted access to copies of emails and messages – text messages, WhatsApp messages – that were relating to them. My client called me up and asked
“Are they entitled to get access to our messages on our phones?”
Smartphone Messsages and GDPR … Really?
I explained to them a message on WhatsApp or on a text message is kinda just like an email. It’s the record of somebody’s personal data. If they’re included in there somehow, someway their personal data is there. That would be a valid scope for a subject access request.
So, Yes text messages would form part of a subject access request and therefore the individuals are entitled to get a copy of them.
What should you do about this
So keep that in mind when you’re building your data protection policies or your reviewing them, to make sure you might have already covered off dealing with email but also make sure you cover off things like WhatsApp messages and text messages as well because they’re also in scope.
So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.