All client, contract and project communication should be undertaken by email, face-to-face, ISL chat or telephone and should be recorded in electronic or physical form.
The use of text messaging from company phones, or company SMS accounts is permitted as long as screenshots are taken and recorded on file.
The use of non-GDPR compliant messaging providers (such as iMessage and WhatsApp) for business purposes is explicitly prohibited and should be reported as a data breach which may result in disciplinary action as:
This data may move outside of the EU
This data is not recorded in such a way as it can be provided to individuals in the event of a data-access request
On receipt of a message using one of these routes, a response should be made via email or voice call and should include a friendly and professional note that for reasons of GDPR and professional standards compliance we can not use the preferred form of communication. A note should also be made on the clients files to record the communication.
We make best efforts to keep all personal data and communications within the EU unless required to leave the EU (such as the client being physically outside the EU at time of communication). Some email communication may travel via servers outside the EU. This is not under OMS’ control. In this instance, should the client require it, GPG encryption can be used upon request.