Why schools shouldn't use WhatsApp

There are a number of serious concerns about using WhatsApp for school communications. First, WhatsApp says it should not be used for business; it is against their terms and conditions. Second, it is not compliant with GDPR. Third, there is no way that a school can access the content should it need to; there is no audit trail whatsoever. (Some schools have asked about use with students; the age limit set by WhatsApp's terms and conditions is 16.)

WhatsApp is owned by Facebook and data can be shared between them. Although WhatsApp have a business app, this is for businesses to link with their customers (i.e. the public) and is not designed for private chat within an organisation.

WhatsApp's terms and conditions say that data is transferred to countries around the globe including the 'United States and other countries globally where we have or use facilities, service providers, affiliated companies, or partners, regardless of where you use our Services'. This is forbidden under GDPR, as UK data must be processed in the EU. Data can be processed in the United States under an agreement known as Privacy Shield. However, since WhatsApp shares data with a third-party organisation, Facebook, I believe this would not be compliant, even with Privacy Shield.

WhatsApp say 'You must access and use our Services only for legal, authorized, and acceptable purposes. You will not use (or assist others in using) our Services in ways that... (f) involve any non-personal use of our Services unless otherwise authorized by us.' In other words, no business use (see Terms and Conditions).

Before using any product that processes personal data, data controllers should analyse terms and conditions, make a formal risk assessment and achieve sign off at an appropriate level, agreeing the use of the product. You may also wish to discuss this with your legal provider.

This article explains some of the issues: https://www.9ine.uk.com/newsblog/whatsapp_communicating_in_schools
Another one is here: https://www.beekeeper.io/blog/why-you-shouldnt-use-whatsapp-for-business-communication/

I've been reminded about schools using WhatsApp during this current crisis, so this question has come up a few times. I'm currently exploring a group messaging product called 'Guild', which businesses use for its compliance with GDPR and which has high-level security to keep information within the corporate company. Each business account has an administrator that manages the product. At any time business customers with appropriate admin access can export data submitted to the customer’s messaging groups for the purposes of an audit trail. A business account of Guild costs £950/yr for up to 150 members. (WhatsApp is free, because you and your data are actually its product.)

Guild can be found here: https://guild.co/
Guild: use for remote working: https://guild.co/blog/how-to-use-guild-for-remote-working/