New data protection laws are due to come into force in May 2018 and will change how you do business and how you manage your customer data and you need to prepare. Marketing and communication has moved along rapidly in the last 20 years, but unfortunately the data protection act which protects us and our customers right to privacy hasn’t moved with it, until now.
The General Data Protection Regulation (or GDPR) will apply to everyone processing personal data and will have implications on all aspects of your marketing, including SMS.
As the ICO explain here, “you must have a valid lawful basis in order to process personal data. There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.”
What do SMS marketers need to know?
Although things are changing, it’s pretty-simple in terms of what you need to do to ensure you are managing your SMS contact data in compliance with the new GDPR. Making a couple of tweaks to your data collection process now could save you a lot of time and ensure you’re prepared for the changes in May.
Your mobile numbers must be obtained in line with new regulations
There are two ways you can collect numbers for SMS marketing:
If your customers have positively opted in to receiving marketing communications by SMS from you then you can send them text messages. They can opt-in on data collection; perhaps by ticking a box to confirm they would like you to contact them in this way, or opting in via a text keyword which is advertised with clear information on what they are opting in to. Whichever way they opt-in, it must be clear and concise on how you will contact them and with what information to ensure there’s transparency.
You can contact recipients who have provided you with their mobile number perhaps during a transaction or on sign-up on the basis of legitimate interests, as long as you also offer an opt-out to SMS marketing at the time of collecting the mobile number. You can continue to send SMS marketing messages provided you provide them with an easy way to opt-out on every message.
To find out more about legitimate interests, the ICO have detailed information here.
You must always provide an opt-out
Under PECR law, you must include an opt-out function in your SMS campaigns to give customers the option to stop receiving communication from you if they wish to.
There’s lots of information and resources on both the DMA and ICO websites if you need help preparing for GDPR. When it comes to your SMS data, we’ve been working closely with the DMA in collating the most useful news and updates here on the blog.