Regulation, in plain English.
What each law means for your business, what Go4whatsup does about it, and where your team still has to sign off. No lawyer-speak.
Four regulations. Four cards. One call if you need more.
General Data Protection Regulation
EU law governing how any company (anywhere) processes personal data of people in the EU. Applies to you the moment you have one EU customer.
Digital Personal Data Protection Act
India's data protection law, effective 2025. Specific requirements around notice, consent, children's data, and cross-border transfers.
UAE Personal Data Protection Law
UAE federal law (Law No. 45/2021) governing processing of personal data in or from the UAE. Sector-specific rules layer on top (healthcare, finance).
WhatsApp Business & Commerce Policies
Meta's own rules on opt-in, message templates, marketing categories, and prohibited content. Violation means template rejection or number suspension.
What's included by plan
Every paid plan is compliant by default. Enterprise adds controls required by regulated industries.
| Control | Free | Growth | Enterprise |
|---|---|---|---|
| GDPR-compliant consent flow | ✓ | ✓ | ✓ |
| DPDP-aligned notice & consent | ✓ | ✓ | ✓ |
| Right-to-erasure & data export | ✓ | ✓ | ✓ |
| Standard signed DPA | — | ✓ | ✓ |
| Custom DPA & sub-processor addendum | — | — | ✓ |
| Data residency choice (India / APAC / UAE) | — | APAC default | Any region |
| Immutable audit log | — | 90 days | 12 months |
| SSO / SAML | — | — | ✓ |
| Sector profile (healthcare / fin-serv) | — | — | ✓ |
| Breach notification SLA | 72 hrs | 48 hrs | 24 hrs |
Need a custom DPA, security review, or sector-specific controls?
Tell us which regulation, industry, or framework you're working under. We'll route it to our compliance team and come back within one business day.