SMS Marketing Compliance and The New GDPR Regulations

There’s no doubt that SMS marketing is a great way of interacting and communicating with customers. As numerous stats show, nowadays millions upon millions of people use their mobile phones to send text messages.
Not only that but we’re a generation addicted to our handsets, meaning we’re receiving and reading messages quicker than ever. SMS messages have a higher open rate than emails, and many surveys have found that users would prefer to communicate with businesses via texts rather than any other form of communication. In short, SMS marketing is popular and it works – but that’s not to say it doesn’t come without its complications.
As with anything in business, there are rules and regulations that need to be followed. Some of the key ones are laid out in the UK Privacy and Electronic Communications Regulation (PECR) – and while this can seem like a daunting document at first, it doesn’t need to be.
As long as you are aware of the important points and are operating within the law, you have absolutely nothing to worry about with SMS messaging and marketing. One of the key areas to be aware of is how you get the information of those you’re contacting…
The Numbers You Contact Need to be Opt-In
You can’t contact anybody via SMS messaging unless they have opted-in to receiving communications from you. There are two types of opt-ins that you need to be aware of – the distinctions are quite key.
One is considered “hard”, in which you specifically requested their permission to send them text messages (perhaps through them ticking a box on your website or a form) and they confirmed that this was okay. It is always important in this instance to be clear about what you will be doing with their information when they sign up.
You should also keep a record of how you confirmed their acceptance. In the event that anyone should make a complaint, this will be of great value to you. You can contact “hard” opt-ins as much as you want (although sending too frequently isn’t advised as you can end up annoying your subscribers).
The other type of opt-in is known as “soft”. This is where you may already have someone’s contact information (e.g. name and number) because they have been a customer previously or they’re a current customer. Additionally, if you have someone’s details because they contacted you to discuss your services or a purchase but they never became a customer, this would also be known as a “soft” opt-in.
You can potentially contact these types of individuals without their specific consent beforehand. However, the message that you send them has to be related to whatever service or product you initially discussed with them.
For example, if you spoke with them about buying a phone from you, you can’t then contact them about discounted holidays or window cleaning services. You might be able to message them about anything relating to the phone though – for example, cheap mobile packages or new phone covers.
However, the “might” is because if someone is a “soft” opt-in, they must have also been given the chance to opt-out from all marketing at the point when you first collected their data. The rules concerning “soft” opt-ins are quite vague and easy to misconstrue, so for the avoidance of doubt, it is always best to use a “hard” opt-in.
Always Give People The Option to Opt-Out
When you’re messaging contacts, regardless of how you have obtained their information, it is important to offer the option for users to opt-out. If they’re a “soft” opt-in, the rules are very strict that you must include instructions for opting-out in every message.
If they’re a hard opt-in, then it doesn’t have to be quite as blatant but it should still be clear, simple and easy for them to be able to opt-out. It may seem frustrating when you want to keep everyone on your messaging list, but annoying customers and risking becoming a spam complaint just isn’t worth it.
Giving customers the chance to easily opt-out will leave them feeling a lot less frustrated (for example, if they realise they’ve changed their mind since first opting in) and will see them potentially repeating their custom once again.
You Need to Know About The EU General Data Protection Regulation
The data protection directive has had a fresh makeover and coming into action now is the EU General Data Protection Regulation (GDPR). The idea is that it will make the data regulations cohesive across the EU member states. It requires that any information is processed lawfully, fairly and transparently.
It also dictates that when information is collected, it is specified explicitly what it will be used for and is taken for legitimate reasons. Additionally, it can’t be processed again for any other purposes beyond the initial reason.
Any personal data that is kept on file should have been consented to by the subject – and it must be possible for anyone using the information to show that it was given freely, in an informed way, for the specific purposes that you are using it for.
As part of the GDPR, silence, boxes that have already been ticked (and require opt-outs) or inactivity cannot be considered as consent.
Information must also be kept in a way that means subjects who have their information being kept on file can get in touch with you easily and request that their details are removed from your system (and any other system they may be on). They can also request details on how their information is being used. This means keeping an organised record of where all contact details are and who it relates to.
Finally, it is important that all information is stored securely and is protected against any unlawful or unauthorised processing. It should also be kept safe from damage, destruction or accidental loss. This also includes keeping it away from hackers who could potentially steal and use this information.
With the GDPR, the person who the data relates to now holds a lot more rights over their information and how it is being used. It is therefore very important to ensure your company respects these regulations and is in compliance with the various legislations that you are working under. Not only does it demonstrate good working practice and help to foster positive relationships with clients, but it also protects your company should claims be made against it.
Get in touch
To find out how FastSMS can help your business stay compliant with its SMS marketing, or for any help and advice, contact us today.
Related Articles
A Demonstration on How Not to Build Your SMS List
Over the last month or so I've signed up for quite a lot of webinars. I'm always trying to learn more about technology, marketing, best practices – you get the idea. So I've been excited to see many organisations offering SMS reminders for webinars. But there is one experience I had with an SMS reminder for a webinar that I simply had to share.
The price for being funny in an SMS message
A review of the EC directive for SMS marketing
SMS Marketing – Should You Buy a List?
Starting an SMS marketing campaign can be a daunting task. Gathering explicit opt ins can take time, as you need to make an investment in advertising. So why not just get a jumpstart and buy a list of mobile numbers from an organisation that already has the opt ins? You could do that, but it’s probably harder than just getting people to opt in on their own. Here’s why.
Unsolicited SMS Messages Lead to Trouble…Even for Trump
Late last month reports surfaced that the Trump US presidential campaign had sent unsolicited SMS messages to voters in the Chicago area. One man, Joshua Thorne, and his lawyers have filed a class-action lawsuit alleging the Trump Campaign violated the Telephone Consumer Protection Act (TCPA, the US equivalent of the PECR).
SMS Marketing: An Essential Guide to PECR
The PECR Regulations, better known as the Privacy and Electronics Communications (EC Directive) Regulations 2003 are one of the most important pieces of legislation affecting those involved in SMS Marketing. They exist to safeguard the privacy and use of personal information when used for direct marketing through electronic means, including communications by SMS. Parts of it crossover with the Data Protection Act 1998 (DPA) and where it does so, both pieces of legislation should be complied with. Unlike the DPA, the PECR is obligatory whether or not you process personal data in the course of your business. Read this essential guide to PECR for SMS Marketing to ensure you know everything you need to know.
Never Use SMS Marketing the Way This Company Did
You’d think a large, multinational company would have all the resources and planning it needed to run an SMS marketing campaign. But that isn’t always the case apparently. Find out the big mistake this one company made and how you can avoid doing the same thing in this blog.
Advantages & Disadvantages of SMS Marketing
SMS marketing is very different to most other more traditional marketing tools, specifically because of its short-form, text only nature. This certainly shouldn't put you off though. We have put together our guide to both the best things about SMS marketing and some of the potential problems, and how to work around them.
The ONE Thing You Never Want To Do In SMS Marketing
"UK B2C data for SMS marketing" - That was the search result headline I found while researching online. Interesting I thought. It must be relating to SMS marketing statistics for B2C (business to consumer) sales. Since I was searching for some updated information and studies about SMS I decided to click and read.