SMS Marketing Compliance and The New GDPR Regulations
There’s no doubt that SMS marketing is a great way of interacting and communicating with customers. As numerous stats show, nowadays millions upon millions of people use their mobile phones to send text messages.
Not only that but we’re a generation addicted to our handsets, meaning we’re receiving and reading messages quicker than ever. SMS messages have a higher open rate than emails, and many surveys have found that users would prefer to communicate with businesses via texts rather than any other form of communication. In short, SMS marketing is popular and it works – but that’s not to say it doesn’t come without its complications.
As with anything in business, there are rules and regulations that need to be followed. Some of the key ones are laid out in the UK Privacy and Electronic Communications Regulation (PECR) – and while this can seem like a daunting document at first, it doesn’t need to be.
As long as you are aware of the important points and are operating within the law, you have absolutely nothing to worry about with SMS messaging and marketing. One of the key areas to be aware of is how you get the information of those you’re contacting…
The Numbers You Contact Need to be Opt-In
You can’t contact anybody via SMS messaging unless they have opted-in to receiving communications from you. There are two types of opt-ins that you need to be aware of – the distinctions are quite key.
One is considered “hard”, in which you specifically requested their permission to send them text messages (perhaps through them ticking a box on your website or a form) and they confirmed that this was okay. It is always important in this instance to be clear about what you will be doing with their information when they sign up.
You should also keep a record of how you confirmed their acceptance. In the event that anyone should make a complaint, this will be of great value to you. You can contact “hard” opt-ins as much as you want (although sending too frequently isn’t advised as you can end up annoying your subscribers).
The other type of opt-in is known as “soft”. This is where you may already have someone’s contact information (e.g. name and number) because they have been a customer previously or they’re a current customer. Additionally, if you have someone’s details because they contacted you to discuss your services or a purchase but they never became a customer, this would also be known as a “soft” opt-in.
You can potentially contact these types of individuals without their specific consent beforehand. However, the message that you send them has to be related to whatever service or product you initially discussed with them.
For example, if you spoke with them about buying a phone from you, you can’t then contact them about discounted holidays or window cleaning services. You might be able to message them about anything relating to the phone though – for example, cheap mobile packages or new phone covers.
However, the “might” is because if someone is a “soft” opt-in, they must have also been given the chance to opt-out from all marketing at the point when you first collected their data. The rules concerning “soft” opt-ins are quite vague and easy to misconstrue, so for the avoidance of doubt, it is always best to use a “hard” opt-in.
Always Give People The Option to Opt-Out
When you’re messaging contacts, regardless of how you have obtained their information, it is important to offer the option for users to opt-out. If they’re a “soft” opt-in, the rules are very strict that you must include instructions for opting-out in every message.
If they’re a hard opt-in, then it doesn’t have to be quite as blatant but it should still be clear, simple and easy for them to be able to opt-out. It may seem frustrating when you want to keep everyone on your messaging list, but annoying customers and risking becoming a spam complaint just isn’t worth it.
Giving customers the chance to easily opt-out will leave them feeling a lot less frustrated (for example, if they realise they’ve changed their mind since first opting in) and will see them potentially repeating their custom once again.
You Need to Know About The EU General Data Protection Regulation
The data protection directive has had a fresh makeover and coming into action now is the EU General Data Protection Regulation (GDPR). The idea is that it will make the data regulations cohesive across the EU member states. It requires that any information is processed lawfully, fairly and transparently.
It also dictates that when information is collected, it is specified explicitly what it will be used for and is taken for legitimate reasons. Additionally, it can’t be processed again for any other purposes beyond the initial reason.
Any personal data that is kept on file should have been consented to by the subject – and it must be possible for anyone using the information to show that it was given freely, in an informed way, for the specific purposes that you are using it for.
As part of the GDPR, silence, boxes that have already been ticked (and require opt-outs) or inactivity cannot be considered as consent.
Information must also be kept in a way that means subjects who have their information being kept on file can get in touch with you easily and request that their details are removed from your system (and any other system they may be on). They can also request details on how their information is being used. This means keeping an organised record of where all contact details are and who it relates to.
Finally, it is important that all information is stored securely and is protected against any unlawful or unauthorised processing. It should also be kept safe from damage, destruction or accidental loss. This also includes keeping it away from hackers who could potentially steal and use this information.
With the GDPR, the person who the data relates to now holds a lot more rights over their information and how it is being used. It is therefore very important to ensure your company respects these regulations and is in compliance with the various legislations that you are working under. Not only does it demonstrate good working practice and help to foster positive relationships with clients, but it also protects your company should claims be made against it.
Get in touch
To find out how FastSMS can help your business stay compliant with its SMS marketing, or for any help and advice, contact us today.
In last week’s blog I covered how the Trump campaign sent unsolicited SMS messages to voters. This week I’m stuck on the same topic, but from a totally different angle: what we can learn from that failure. Because honestly, their biggest issue might not be violating the law. It might be the people they have writing their SMS messages. It’s time to dissect the message that spawned the law suit, and learn what we can from it.
ICO, the Information Commissioner's Office, has recently imposed a huge fine on direct marketing company Help Direct UK for sending illegal SMS messages.
The regulations about SMS marketing are quite clear. But sometimes people, and companies, can make mistakes. Find out what happened to a company that reacted poorly to the ICO’s request for information, and how it made their situation so much worse.
SMS spam is a problem worldwide. But in the UK, we’re less likely to get it than many other countries. Find out why that is, see some examples, and how you can do your part to keep your SMS messages free of spam.
The PECR Regulations, better known as the Privacy and Electronics Communications (EC Directive) Regulations 2003 are one of the most important pieces of legislation affecting those involved in SMS Marketing. They exist to safeguard the privacy and use of personal information when used for direct marketing through electronic means, including communications by SMS. Parts of it crossover with the Data Protection Act 1998 (DPA) and where it does so, both pieces of legislation should be complied with. Unlike the DPA, the PECR is obligatory whether or not you process personal data in the course of your business. Read this essential guide to PECR for SMS Marketing to ensure you know everything you need to know.
The UK may be leaving the EU, but the GDPR is still coming. Find out what it means for your business, and your SMS messaging, in our post that looks ahead and reviews the ICO guidance to prepare for the new rules.
Four years ago, reputable commentators in The Guardian were wondering if SMS - short message service or text messaging - had peaked in performance after a two-decade exponential rise. Here we look at the evidence which shows that SMS is not only going strong, but continuing to stand out as an essential marketing channel for many businesses.
One of the most interesting use cases for SMS messaging is the financial industry. Just a couple weeks ago I wrote a blog on 7 ways the financial industry can use SMS messaging to communicate with customers. In this blog I'll expand on the topic from a different perspective: personalisation.
As an entrepreneur, it is notoriously difficult to get your message out there. It's even harder to get seen and heard in a meaningful way that doesn't offend people. Email marketing has been the darling of entrepreneurs for years, but it's time for something new. Something that supersedes the email and circumvents the spam folder.