You have a lot of creative freedom in SMS marketing, whether you’re targeting a local subscriber list or have your eyes set on a bigger percentage of the 5 billion registered mobile subscribers in the world. However, there are some restrictions to what you can do in your SMS marketing campaign and being GDPR compliant is one of those restrictions.
GDPR stands for the General Data Protection Regulation, which is a European Union (EU) law that covers the regulations for privacy and data protection for every person that lives in the EU, and within the European Economic Area (EEA).
The law came into effect on the 25th of May 2018, in order to provide protection to customers in the EU that were being affected by problems like data breaches, which many of the largest online businesses were falling victim to at an exceptional rate. The new law brings a lot of changes to the way that data should be secured, and for marketing, the changes have been quite drastic.
Failing to comply with the new GDPR regulations can come with an enormous upper limit of a €20 million fine, making GDPR compliance very important for the future of your business and for the saftey of your customer’s data.
If you’re getting ready to run a new SMS marketing campaign, then it’s essential to make sure that it’s GDPR compliant, but that can be easier said than done if you’re not familiar with just what GDPR entails. To make it easier to safely run your next campaign, here are three essential points you need to address to help make your SMS marketing compliant with GDPR:
1. Every Customer Needs to Have Opted-In
One of the most important practices to follow to make sure that your SMS marketing campaigns are compliant with GDPR, is to only message those customers who have explicitly opted-in to receive marketing messages from your business.
When new customers are registering for your marketing service, such as through a form on your website, there must be a clear opt-in for marketing communications. This can be in the form of a ‘tick box’ that states that by selecting it, the customer will be choosing to receive SMS marketing communications. Under GDPR, marketing types can’t be bundled together, you must receive separate consent for each type of marketing.
To ensure this process is compliant, it must be transparent what the customer is opting in for and choosing to opt-in must not be in the form of a pre-ticked box. Clarity is essential for opt-ins, customers must instantly understand what they are signing up for and choose to do so themselves.
In opt-in forms, the name of your business must also be clearly stated, nothing should be left to assumption. Under GDPR regulations only the buisness that is explicitly given permission to will be able to contact the customer.
A good practice for opt-ins to protect your business in the event of a complaint, is to record the way that each customer has opted-in to receive marketing. By recording the process, you have a clear record of the customer’s choice to receive marketing from your business.
2. There Needs to Be the Ability to Easily Opt-Out
To be GDPR compliant in your SMS marketing, it’s just as important to make it as easy to opt-out as it is to opt-in, if not more so. This may feel counter-productive to the growth of your subscriber list, but it prevents customers getting annoyed with too many messages or feeling like their privacy is being affected.
A method for opting out of communications should be presented at the end of messages and there must also be other ways to opt-out of marketing messages, such as through your business website.
In the same way that the opt-in needs to be completely clear and not hidden in any way, the opt-out must be the same. GDPR regulations require that opting out of messages should be easy and straightforward and that all customers should know that they have the ability to stop further marketing messages at any time.
3. Personal Data Needs to Be Managed Carefully
The management of personal data is a major part of the GDPR regulations, no matter how you’re gathering data and what the data entails. Some of the most important things to bear in mind when handling any data as part of your SMS marketing campaign, are:
- There are different regulations in place for data processors and data controllers, so you will need to identify which one your business falls under.
- All data must be stored in a secure way and can only be retained for a set amount of time – always make sure that your data is up to date and required!
- You may have a requirement to gain permission from your customers to keep their data, on a regular basis.
- All data should be managed effectively, including all opt-in and opt-out data.
Under the new regulations, it’s of the upmost importance to make sure that data is updated and secured, and that a business has clear permission to be using and storing it. Personal data needs to be processed lawfully, collected for a specific reason, and be relevant to the reason it’s being collected, otherwise a business runs the risk of their data not being compliant.
The new GDPR laws are very in-depth and surround many areas of privacy and data protection, so if you’re unsure what you’re allowed to do and not allowed to do in your campaigns, it will benefit your business to review the law and get a complete picture of what GDPR compliance entails.
No matter the type of SMS marketing campaign that you’re running, it’s essential to be clear, concise, and transparent in the ability to opt-in and opt-out, and make sure that all customer data is secured and used responsibly.