SMS marketing is governed by several legal frameworks and regulations to ensure businesses use it responsibly and protect consumer rights.
It is a powerful tool for businesses to communicate directly with their customers and get their messages across, whether transactional or promotional. For customers, SMS marketing is a way for them to receive any important or promotional updates, reminders and information from their favourite businesses.
It is important for businesses to not only protect their customer’s data, but also ensure they are being legally compliant with when and how they are delivering their SMS communications.
In the UK, SMS marketing is regulated under several legal frameworks to ensure businesses use it responsibly and protect consumer rights.
This is important for any business who sends SMS messages, whether they are done in-house, or a third-party company does them for you.
If you use a Self-Service SMS platform, for example, it is extremely important you have knowledge of data protection and SMS regulations in your area, industry and country.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a Europe-wide law that replaces the Data Protection Act 1998 in the UK and supersedes the UK Data Protection Act 1998.
It provides a legal framework for keeping everyone’s personal data safe by requiring companies to have robust processes in place for handling and storing personal information.
There are 7 main principles of GDPR:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
In the UK, all businesses must have explicit, informed and freely given consent from individuals before sending SMS marketing messages.
The only difference is if the SMS message is a transactional SMS.
Transactional SMS messages are important updates that the individual must receive, such as appointment reminders, order confirmations and updates. Read our blog to learn more about Transactional SMS.
Alongside this, recipients must be able to opt-out of SMS messages easily at any time. Opt-out instructions should be included in every SMS.
Businesses must also be transparent about their data and inform recipients about how their personal data will be used and processed.
Privacy and Electronic Communications Regulations (PECR)
The Privacy and Electronic Communications Regulations (PECR) work with the Data Protection Act and the UK GDPR. They adhere to specific privacy rights in relation to electronic communications.
Specific rules of PECR outline:
- Marketing calls, emails, texts and faxes
- Cookies
- Keeping communications services secure
- Customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings
The PECR will apply to you if you market via SMS marketing, use cookies, or compile telephone directories.
Ofcom and Mobile Network Guidelines
Ofcom regulates specific content standards and SPAM prevention. Messages must not contain false claims, offensive language or misleading information. They work with mobile operators to minimise spam and enforce compliance regulations.
ICO (Information Commissioner Office) Enforcement
The ICO enforces GDPR and PECR compliance in the UK, with businesses facing fines of up to £17.5 million or 4% of their annual turnover for GDPR violations.
The ICO also regulates unsolicited marketing via phone, fax, email, text or other electronic channels. Different rules apply depending on the communication type, with stricter regulations for marketing to individuals compared to companies.
Only Send SMS Messages During Approved Hours
For compliance, there are “quiet hours” that all UK brands must adhere to for SMS marketing. In the UK, for example, brands cannot send SMS marketing messages after 8:00 p.m. or before 9:00 a.m.
Other Best Practices
There are other general best practices, and although not enforced, they should be respected in the SMS industry. Examples include:
- Using a double opt-in method to confirm consent.
- Limit SMS frequency to avoid overwhelming recipients and SPAM
- Include a simple “STOP” option for opt-outs, with immediate implementation
The only exception with SMS messages is if they are for purely transaction or information purposes. These include appointment reminders, order confirmations, etc.
These types of SMS messages are generally exempt from marketing regulations. However, GDPR and data protection still apply to the recipient’s personal data and processing.
By following these regulations and best practices, businesses can ensure their SMS marketing campaigns are compliant, effective and respectful of consumer rights.
If you are interested in incorporating SMS marketing, whether managed by us or in-house, please contact our expert team today. Contact us here.