Are Your Shadow UC Users Leaking Your Data?

Third-party UC app users under threat following GDPR

Are Your Shadow UC Users Leaking Your Data?

As the new General Data Protection Regulations (GDPR) come into play next year, many businesses still using non-compliant Shadow UC applications to transfer client data and information run the risk of receiving a series of crippling fines.

From March 2018, the GDPR will begin cracking down heavily on businesses that fail to comply with the new rules and this could mean serious trouble for, according to this report, the 98% of businesses that still use non-compliant cloud-based applications.

Far from an idle threat, the fines businesses could receive should they be caught operating outside of the new regulations after the set date equate to as much as 4% of a business’s annual turnover or €20 million (whichever is greater).

For many companies, the damage fines of this magnitude would cause could be irreparable and finding a way to prevent them from happening must become a number one priority before it’s too late.

In order to explain exactly what risks are involved and what steps can be taken to prevent them from occurring, we have written a detailed report on what Shadow UC is and what businesses can do to ensure they don’t fall victim to the new regulations.

What is Shadow UC?

Shadow UC Users Could Face Hefty Fines In 2018 body

Post-GDPR use of consumer cloud apps for business could be a huge risk

In a nutshell, Shadow UC is a term we apply to any third-party cloud UC applications used by businesses that have next no control over the data they transfer.

If, for instance, a business is using Skype (consumer edition), WhatsApp, Facebook or any consumer-level communications application to transfer their client’s information, they are exposing said data to third parties that are in no way connected to the business.

As a result, the privacy of said data is never truly safe and businesses are much more at risk of security breaches, interceptions and hefty fines from the government.

Why do businesses use Shadow UC?

One of the main reasons people still use third party communications applications is due to the fact that the business they work for has failed to implement business-grade alternatives into their infrastructure.

Over the last few years, we’ve seen a sharp increase in the number of people choosing video calling and web conferencing channels to communicate both internally and externally.

If a business has failed to register this rising trend and not provided its employees with a UC solution that operates in compliance with the GDPR, employees are forced to engage in this way through consumer-grade or unlicensed alternatives irrespective of how risky they are.

Another reason people still use Shadow UC apps is due to the fact that they feel uncomfortable with or incapable of using the business-grade UC software available on their company network.

Poor user adoption is a common problem for businesses that have failed to implement their digital transformation (DX) properly and, as a result, many users feel unqualified to operate or resentful towards using the new technology that has been poorly introduced in their working environment.

Moreover, a common misconception with regards to Shadow UC is that it is a much cheaper alternative that requires no extra cost and enables the business to communicate through these channels without having to invest any capital. Though this may be true for consumers, the relatively low cost of investing in business-grade cloud UC applications is infinitely dwarfed by the harsh fines businesses will suffer if they fail to meet compliance after GDPR takes place.

What can businesses do to overshadow Shadow UC?

User Adoption

First of all, it is key to find trustworthy providers such as Avaya, BlueJeans, BroadSoft, Cisco, Fuze, Mitel, NEC, RingCentral and Unify who deliver both high quality UC solutions and a great deal of ongoing to support for businesses to help them complete their digital transition successfully.

As we mentioned previously, poor user adoption is often a result of poor training and finding a service provider that promises to help businesses fully understand the product and train them on how it can benefit them personally rather than the company as a whole is key.

Another essential thing to take into account is BYOD integration that allows users to utilise these apps from their personal devices, much in the way they use consumer apps like WhatsApp and Facebook chat. Convenience, after all, is the ultimate benefit and if a user can access business-grade IM, Video Calling, Video Conferencing and more directly from one device, they’re much more likely to use it.

In order to help further improve user adoption rates, we advise monitoring usage data and perhaps offering some form of incentive to encourage users to engage more on these platforms i.e. the user who makes the most video calls through the UC app wins a dinner for two at the local restaurant or a pint at the pub after work.

UC Deployment

For many businesses, there is a false concern that implementing business-grade UC will be too time consuming and unlikely to deliver a valuable return on investment.

However, GDPR fines aside, a good business-grade cloud UC solution can be implemented quickly with minimal disruption and can offer innumerable cost-benefits and productivity enhancing features that boost user performance and help bring the team together better than ever before.

If we were to use a teams collaboration app, for example, here businesses are given an all in one solution that provides all the necessary features a business needs to communicate and it can be accessed on any device from any location. As well as eliminating the threat of fines by ensuring all communication is held within the rules of compliance, businesses and their users are able to collaborate freely from a single application rather than having to route through multiple personal accounts.

UC Today Opinion

Though it may have been a convenient option for businesses in the past, you could say that the oncoming threat of GDPR and the widespread availability of cutting-edge business-grade UC solutions on the modern market has ‘overshadowed’ Shadow UC.

In conclusion, all it takes to avoid the risks of devastating fines is to find a UC service provider that you can trust and will help you build the best solution to support your business from the present into the future.

Got a comment?

1 Comment
AvatarConnor 09:11, 02 Nov 2017

Using Shadow-UC in a business is unprofessional and primarily insecure. Nowadays there are so many secure alternatives that actually do not share any data (or metadata) with third parties. For instance, you can check out Swiss Messenger Threema Work ( and there are many others. If it is bad (in terms of privacy) to use Apps like WhatsApp for normal users, it is devastating for businesses.

Reply to this comment

Please login to comment


Popular Posts

Related Articles