Are you sending Bulk SMS?
GDPR and Bulk SMS: A GDPR Survival Guide.
What does it happen if you send bulk SMS?
Before we begin, it's important to mention that although, in Tellody, we take a close look at GPDR for over a year and feel certain for the following definition, this article cannot be presented as legal advice and must not be confused as one.
Getting at the main point, the General Data Protection Regulation (GDPR) is knocking our door and as we have already explained in our previous article the citizens in EU have the right to claim refunds (really huge refunds) when they receive text messages (SMS) without their consent.
Great news for the European citizens, "guillotine" for those who had as marketing approach the SMS spray and pray tactic. Especially in Greece, where these marketing habits were over-used, a lot of people will be very pleased with the new regulation. Personally, I will be very glad to receive a marketing SMS from that company that I couldn't get rid off and "tortured" me for over a decade. Why? Because from the 25th of May, I would be able to make them pay (literally) for their bad habits. I am not alone anymore, the General Data Protection Regulation supports me. Amazing?
From now on( on the 25th of May), not only is illegal for someone, an MP( member of parliament) for example, to sent you a text message without your consent,but it's illegal to keep records of your personal data in a database list in his or her PC. A list provided from the wolves of the market, of course. As you may know, your phone number, my phone number and almost all phone numbers, are available for sale accompagnied to rich metadata. Gender, age, address and goes on. In the new era of GDPR all those sellers are the illegal dealers of SMS Marketing.
We guess that after some correctional moves and exemplary punishments the market will be established to new reality. Of course, it's not the end of SMS Marketing, the most effective matketing tool, but it will be used only by companies that will have secured the consent of their customer, with certainty and will be able to handle with respect their customer's personal data. The land will be cleaned , the wolves will stop howled and MPs will find different ways to ask for your vote ( social media).
The main question
What should a company or an organisation do from now on in order to secure that its policies are compliant with the new regulation and that won't have to face any accusations ?
Leaving behind desperate solutions such the one of Wetherspoon,which deleted its whole database and start over, we suggest you to follow in GDPR footsteps and ask for the conformity of all your customers that you have planned or you are planning to send an SMS. What does conformity means according to European Union?
GDPR demands specific actions to be taken. The legislator makes clear that the consent should:
1. Be expicit and clearly written in simple and easy to be understood wording.
2. Be straightforward and without doubts about its content and its time duration.
3. Include a link to the terms and conditions of the company.
4. Be given willingly.
5. Present the chance of leaving to the customer. The customer should be able to ask for the postponement of his / her consent instantly and should be deleted from the database . The postponement should be as obvious and accessible as the consent. The new regulation prerequisite the existence of opt-out services in every marketing SMS.
6. If the subscriber is under age, the consent of the legal guardian is required.
Consent through SMS
In a previous article we mentioned some examples of consent through personalized emails. The email seems as a good channel of communication that can makes the incorporation of images, buttons and links easy enough. So with the help of an upgraded platform an email of consent would look like the following:
In the email above four personalised links (different for each customer) are included (directly or not) and all of them are considered to be necessary in order to make the communication channel compliant with the GDPR:
- Consent Link
- Opt out Link
- Forget Me Link
- Update Profile Link
So keeping in mind that GDPR encapsulates all the communication channels, whichever wants to keep sending marketing SMS must provide access to these servives (by law). That assumes the import of special links and messages diferrent from customer to customer.
And the problems start now, because SMS is a poor ( short as its name mentions) channel of communication build to send a specific amount of characters to another device through the net of a mobile communication provider.
So in order to build an SMS of consent aligned with what we have written above we should follow the example:
And this is too long and costly for you. So we are going to make a lighter but compliant with GDPR version like the following:
With the SMS above you are legal and provide your customers with free of charge proper services
We say no to consent through ΜΟ.
Of course everyone can disagree with us and say that the following example of MO consent (mobile originated) is valid for GDPR. Allow us to disagree:
And this is another, improved,SMS which at least includes an Opt out option for the customer:
Yet, is not enough.
To rest assured we would preffered it written like the one below (even without the Update Profile link):
And here lies the problem with MO messages. You ask the recipients to take actions through different communication channels (web and MO SMS) and you ask them to pay for these actions:
- Write a short code SMS and text for consent ( chargeable service)
- Write a short code SMS and text to be forgotten (chargeable service)
- Click on the link which leads to terms and conditions
Too much work for the recipient. Plus we consider that is forbidden and a great mistake to ask from your customer to be charged with the expenses of your business.This tactic is a oneway road to lower conversion rate and greater loss of subscibers.
For all the reasons mentioned above we believe that MO SMS consent is defective and we not recommend it in the GDPR era.