Several regulatory agencies regulate companies that deal with users' data, but specifically in the UK, they are regulated by the European Union General Data Protection Regulation (GDPR). The techniques of handling and processing data, rights of users, sanctions for defaulters, and other regulating clauses are formulated and implemented by these agencies to minimize the exploitation of the masses. Data regulation and management are essential because companies managing users' data are expected to handle data with care, caution, and due diligence. However, WhatsApp (arguably the most powerful instant messaging application in use) has been involved repeatedly in several cases that compromised the security of its users’ data over the years. The platform has become a prime target and medium for predators (con artists, fraudsters) with intentions to access users' data (phone numbers, last seen, live location, and others) for vile purposes. These cases include leaked data that could be used for marketing purposes, phishing, impersonation, and fraud. This paper highlights recent cases of data security (data leakages) and privacy policies involving WhatsApp, examining the various issues that threaten WhatsApp users and make them vulnerable to exploiters, cybercrime, and con artists. It also considers how WhatsApp can protect its users against vulnerabilities. Also, the European Union GDPR was examined in line with WhatsApp's privacy policy to measure compliance with the regulation in light of recent data breaches.