GDPR: Here’s What You Need to Know for Your SMS Messaging
The effort to protect individuals’ information began way back in 1981 when the Council of Europe Convention 108 voted to make it a priority. Fast forward to 2016, and the General Data Protection Regulation (GDPR) was approved by the EU to bring the concept into the modern era.
Even though the UK voted to exit the union, it’s been made clear that the UK intends to follow the GDPR. It sets the highest standards for protection and gives control to the individual over how you use their data. It’s set to take effect in May 2018.
In preparation, the Information Commissioner’s Office (ICO) has started publishing guidance on how businesses and organisations will be impacted. If you’re using SMS messaging, you’re already aware that you need permission before contacting anyone. One of the major aspects of the GDPR is the changes for obtaining consent.
Right now, there are two different opt-in options: soft and hard. It appears that the soft opt-in may not be allowed and there are additional requirements for hard opt in. Here are some of the highlights from the ICO documentation so far:
“Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of consent by default.”
“Keep evidence of consent – who, when, how, and what you told people.”
These tie into the updated definition of consent shown here:
They sum it up as follows: “In essence, there is a greater emphasis in the GDPR on individuals having clear granular choices upfront and ongoing control over their consent. “
The Good News
The changes aren’t all bad news. It turns out that if you’re already complying well with the existing Data Protection Act, then you’re in good shape. That doesn’t mean you don’t need to take steps though.
The ICO released a twelve step checklist for organisations to use in the coming months to work towards compliance. The GDPR involves more than just consent and touches on all the gathering and processing of personal data.
Another potential positive side effect of the GDPR is that the more stringent opt-in requirements mean that you’ll have less “casual” people on your SMS lists. People need to be more deliberate in giving their permission, which means those that do may be more motivated to take action.
So whether you are running an SMS marketing list or a list for a non-profit, it means you’ll have more success. Your ROI, however you measure it, should improve.
The ICO is maintaining a webpage with links to their blog, events, and latest publications on the GDPR. You can check it for updates, or sign up for their newsletter.
Our account managers and support staff are also ready and able to address any questions about the changes too. Feel free to contact us via Live chat, email or phone.
Yet another company (Quigley and Carter Limited) have been fined by the ICO for not having permission to send SMS messages. In this case, they had outsourced their marketing to a third party who then sent messages on their behalf. So is staying compliant with the regulations regarding SMS messaging so difficult? It doesn’t have to be.
In last week’s blog I covered how the Trump campaign sent unsolicited SMS messages to voters. This week I’m stuck on the same topic, but from a totally different angle: what we can learn from that failure. Because honestly, their biggest issue might not be violating the law. It might be the people they have writing their SMS messages. It’s time to dissect the message that spawned the law suit, and learn what we can from it.
Can you send SMS messages to whoever you like whenever you like? If that's what you believe read this article which explains what restrictions apply to broadcast messaging, what is the best way to build a permission based SMS marketing list. Understand that and you can safely make a start.
The PECR Regulations, better known as the Privacy and Electronics Communications (EC Directive) Regulations 2003 are one of the most important pieces of legislation affecting those involved in SMS Marketing. They exist to safeguard the privacy and use of personal information when used for direct marketing through electronic means, including communications by SMS. Parts of it crossover with the Data Protection Act 1998 (DPA) and where it does so, both pieces of legislation should be complied with. Unlike the DPA, the PECR is obligatory whether or not you process personal data in the course of your business. Read this essential guide to PECR for SMS Marketing to ensure you know everything you need to know.
When you start using SMS marketing, one of the first decisions you need to make is whether or not you’ll need to get replies. If you do, then you’ll need to decide between shortcodes and a virtual mobile number (VMN, also called longcode). If you don’t, then that’s alright too.
The UK may be leaving the EU, but the GDPR is still coming. Find out what it means for your business, and your SMS messaging, in our post that looks ahead and reviews the ICO guidance to prepare for the new rules.
The Information Commissioner’s Office (ICO) issued seven monetary penalties against companies this year. We’ve read through them all – so you don’t have to – and discovered two lessons every company should learn about SMS marketing if they want to be successful.
Companies use contests and giveaways all the time. It turns out that doing them over SMS messaging works really well, and offers some advantages over other channels. Read our blog to see the types of results various companies achieved when using SMS giveaways.