5 Key Points to Ensure Your SMS Marketing is GDPR Compliant

As you are most likely well aware by now, the all-new GDPR regulations came into force on 1st May. These new Europe-wide regulations, known in full as the General Data Protection Regulation, set a new standard for consumer rights when it comes to their data and how companies collect, store and use it – and the implications are of great significance when it comes to SMS Marketing.

Although by now companies that already use SMS Marketing should have implemented any required changes in their practices and procedures, those who are considering introducing SMS Marketing to their mix will no doubt be keen to ensure they get things right from the outset. It is also worth checking that you haven’t missed anything if you are already using SMS.

To help ensure your SMS Marketing is GDPR compliant, we’ve prepared a summary of some of the key factors to consider.

1. Explicit opt-in

If you are encouraging customers to register for SMS Marketing as part of a general registration, it is absolutely essential that there is an opt-in for this channel that is either blank or set to ‘no’. Although this has been best practice for some time now, many websites have continued to use a pre-ticked box on such forms that sign the customer up for marketing and other communications unless they choose to opt-out.

Whether you are planning to use a new or existing form to get customers to sign up for SMS Marketing, be sure that it is fully compliant.

2. Specific SMS Marketing opt-ins

If the registration form on your website offers customers the opportunity to opt-in for a range of marketing channels such as email, post and SMS – typically referred to as a ‘bundled’ opt-in – it is now absolutely essential to set out consent individually for each channel – this translates to having a separate (unchecked) box for each and not a generic all in one opt-in as often used in the past. If you do not have a checkbox for SMS Marketing, now is the time to make sure one is added.

Although the requirement for a specific opt-in for SMS Marketing did technically exist already, the position is much more strongly enforced under GDPR, as is the need to retain a clear record the permission given for this channel.

3. Withdrawing permission / opting out of SMS Marketing

Again, under existing legislation prior to GDPR (see our article on PECR regulations here), it was already a requirement to provide customers with the opportunity to opt-out of receiving future SMS Marketing communications. This is further enhanced by the new GDPR rules. There is now a clear requirement to make it as easy for customers to remove consent as it was for them to grant it, and they must always be aware that they have the right to remove consent – in plain and simple language that is easy to understand.

For SMS Marketing, this means including an opt-out option in every message – which those already using SMS marketing should have already been doing. It is also essential to ensure that the option to opt-out of SMS Marketing communications is available elsewhere, for example via an obvious, dedicated link on your website. Finally, your terms and conditions should also make clear how to specifically opt-out of SMS communications, as well as other channels.

4. Named parties

Under the PECR legislation, permission for SMS Marketing is explicitly limited to communications from pre-approved parties that are relevant and relative to the original product or service that the opt-in was related to.

The laws in place prior to GDPR also already made it clear that the customer details could be used only by the party to whom permission was granted.  Under GDPR, this remains relatively unchanged, however, there is an increased focus on ensuring that the party to whom consent is being given is clearly identified at the point of sign-up. For example, even though a customer may be registering on the Tesco website for SMS Marketing from Tesco, it must be made clear that they are granting permission to Tesco as a named party – it cannot simply be implied or assumed.

5. Managing personal data

No matter how you collect the personal data for your SMS Marketing list, be it through your website, handwritten sign-up forms or direct SMS messaging, the GDPR places strict rules on how you manage this data. Key considerations include:

• Ensure your organisation has a good understanding and documented record of the data held and the permission to use it.
• Check if it is now necessary to gain or refresh consent for the data you hold – in the case of SMS Marketing lists, there may well be a need to ask customers to refresh their permission.
• Ensure there is a defined policy for how long personal data is retained, to make sure that it is not retained unnecessarily and ensure it’s kept up to date. You should also have an effective system for managing opt-outs to ensure that such users wishes are respected.
• Ensure that data is being held securely, considering both technology and the human factors in data security.
• Establish whether you are a data controller, data processor or both and that your organisation has the correct legal arrangements in place?

Although it is easy to feel daunted by the new GDPR legislation, it is important to remember that in the main, those companies who have already been following best practice in their marketing and data protection activities will find that the majority of the requirements are already satisfied. If, however, you remain uncertain it is highly recommended to seek independent, professional advice at the earliest opportunity.

Disclaimer – This article is intended only as general information. It is not intended to be comprehensive or to constitute legal advice. If you need help on a specific issue please seek advice from a qualified legal representative.

At Fastsms, our award-winning team of experts are available 24/7 to help your business to make the most of SMS Marketing, one of the most effective and efficient forms of marketing currently available. Call us now on 0800 954 5305 to discuss your needs and find out just how easy it is to make SMS Marketing work for you.