5 Key Points to Ensure Your SMS Marketing is GDPR Compliant
As you are most likely well aware by now, the all-new GDPR regulations came into force on 1st May. These new Europe-wide regulations, known in full as the General Data Protection Regulation, set a new standard for consumer rights when it comes to their data and how companies collect, store and use it – and the implications are of great significance when it comes to SMS Marketing.
Although by now companies that already use SMS Marketing should have implemented any required changes in their practices and procedures, those who are considering introducing SMS Marketing to their mix will no doubt be keen to ensure they get things right from the outset. It is also worth checking that you haven’t missed anything if you are already using SMS.
To help ensure your SMS Marketing is GDPR compliant, we’ve prepared a summary of some of the key factors to consider.
1. Explicit opt-in
If you are encouraging customers to register for SMS Marketing as part of a general registration, it is absolutely essential that there is an opt-in for this channel that is either blank or set to ‘no’. Although this has been best practice for some time now, many websites have continued to use a pre-ticked box on such forms that signs the customer up for marketing and other communications unless they choose to opt-out.
Whether you are planning to use a new or existing form to get customers to sign up for SMS Marketing, be sure that it is fully compliant.
2. Specific SMS Marketing opt-ins
If the registration form on your website offers customers the opportunity to opt-in for a range of marketing channels such as email, post and SMS (typically referred to as a ‘bundled’ opt-in), it is now absolutely essential to set out consent individually for each channel. This translates to having a separate (unchecked) box for each channel and not a generic all-in-one opt-in as often used in the past. If you do not have a checkbox for SMS Marketing, now is the time to make sure one is added.
Although the requirement for a specific opt-in for SMS Marketing did technically exist already, the position is much more strongly enforced under GDPR, as is the need to retain a clear record of the permission given for this channel.
3. Withdrawing permission / opting out of SMS Marketing
Again, under existing legislation prior to GDPR (see our article on PECR regulations), it was already a requirement to provide customers with the opportunity to opt-out of receiving future SMS Marketing communications. This is further enhanced by the new GDPR rules. There is now a clear requirement to make it as easy for customers to remove consent as it was for them to grant it, and they must always be aware that they have the right to remove consent – in plain and simple language that is easy to understand.
For SMS Marketing, this means including an opt-out option in every message – which those already using SMS marketing should have already been doing. It is also essential to ensure that the option to opt-out of SMS Marketing communications is available elsewhere, for example via an obvious, dedicated link on your website. Finally, your terms and conditions should also make clear how to specifically opt-out of SMS communications, as well as other channels.
4. Named parties
Under the PECR legislation, permission for SMS Marketing is explicitly limited to communications from pre-approved parties that are relevant and related to the original product or service that the opt-in was related to.
The laws in place prior to GDPR also already made it clear that the customer details could be used only by the party to whom permission was granted. Under GDPR, this remains relatively unchanged; however, there is an increased focus on ensuring that the party to whom consent is being given is clearly identified at the point of sign-up. For example, even though a customer may be registering on the Tesco website for SMS Marketing from Tesco, it must be made clear that they are granting permission to Tesco as a named party – it cannot simply be implied or assumed.
5. Managing personal data
No matter how you collect the personal data for your SMS Marketing list, be it through your website, handwritten sign-up forms or direct SMS messaging, the GDPR places strict rules on how you manage this data. Key considerations include:
- Ensure your organisation has a good understanding and documented record of the data held and the permission to use it.
- Check if it is now necessary to gain or refresh consent for the data you hold – in the case of SMS Marketing lists, there may well be a need to ask customers to refresh their permission.
- Ensure there is a defined policy for how long personal data is retained, to make sure that it is not retained unnecessarily and that it is kept up to date. You should also have an effective system for managing opt-outs to ensure that such users’ wishes are respected.
- Ensure that data is being held securely, considering both technology and the human factors in data security.
- Establish whether you are a data controller, data processor or both, and ensure that your organisation has the correct legal arrangements in place.
Although it is easy to feel daunted by the new GDPR legislation, it is important to remember that in the main, those companies who have already been following best practice in their marketing and data protection activities will find that the majority of the requirements are already satisfied. If, however, you remain uncertain, it is highly recommended to seek independent, professional advice at the earliest opportunity.
Disclaimer – This article is intended only as general information. It is not intended to be comprehensive or to constitute legal advice. If you need help on a specific issue please seek advice from a qualified legal representative.
At Fastsms, our award-winning team of experts are available 24/7 to help your business to make the most of SMS Marketing, one of the most effective and efficient forms of marketing currently available. Call us now on 0800 954 5305 to discuss your needs and find out just how easy it is to make SMS Marketing work for you.