GDPR & SMS Marketing: Expert insight from FireText


Posted by: Stafford Sumner on 8th May 2018


GDPR & SMS Marketing: Expert insight from Firetext

As you’re hopefully aware by now, the upcoming changes being brought into force with GDPR (General Data Protection Regulation) span a number of your different marketing channels and can extend wider into your organisation.

We’ve provided you with an extensive look at how the changes will impact your email marketing (you can download a free copy ofA Practical Guide to GDPR & Email Marketing here) but we know this only makes up part of the picture.

Increasingly, we’ve found our customers are using SMS marketing to complement and supplement their email marketing. So who better to give us the lowdown on GDPR and SMS marketing than our good friends and SMS marketing experts FireText?

Here’s the essentials of what you need to know about GDPR and SMS marketing, kindly provided by the Firetext team…

If you’re managing customer mobile numbers, just like any other personal data, it must adhere to GDPR, and although things will be changing, it’s pretty-simple in terms of what you need to do to ensure you are managing your SMS data compliantly. By making just a couple of tweaks to your data collection process, you’ll ensure your data is managed compliantly ready for May.

When it comes to collecting mobile numbers for SMS comms, you have a couple of options:

Positive Opt-in

If your customers have positively opted in to receiving marketing communications from you by SMS, then you can send them text messages – simple. There are a few ways customers can opt-in, both online and offline; perhaps by ticking a box on your website or data collection capture form which confirms they want you to contact them. Or you could advertise a text keyword; which is advertised alongside a clear call to action explaining what they are opting in for.

If you are updating your opt-in process, then now is the perfect time to introduce the collection of mobile numbers to your sign-up form.

Be clear

Whichever way you choose to collect opt-ins, it must be compliant with the new data regulations, you can check this by asking yourself a couple of quick questions.

– is it clear on opt-in, exactly what is being consented to?

– can you document consent and evidence it if challenged?

– is it easy for subscribers to withdraw consent at any time?

Legitimate Interests

You can continue to contact recipients by SMS who have provided you with their mobile number previously, perhaps during a transaction or by signing-up to an account, based on ‘legitimate interests’. There’s a little more to consider here to ensure you’re processing the data correctly, but there’s a handy checklist on the ICO website which will help you stay compliant. If you’re using legitimate interests, you must offer an opt-out to SMS marketing, both at the time of collecting the mobile number and on every message.

Providing an opt-out

Under PECR law, you must include an opt-out function in your SMS campaigns to give customers the option to stop receiving communication from you if they wish to. This is no different with GDPR and can be managed with either an opt-out SMS keyword, or by linking to an unsubscribe page, both options will enable the customer to remove themselves from your list instantly so there’s no extra work.

Keeping Proof

Not only must the consent given conform to the new regulations, but there also must be proof and data controllers “must have an effective audit trail of how and when consent was given, so organisations can provide evidence if challenged” this applies to anyone managing data, regardless of how that consent was obtained.


If you need any further information on this we’re sure FireText would love to hear from you. You can reach them their website here.

And if you haven’t seen it already, you can read our information on email marketing and GDPR compliance here.

Neither Jarrang or Firetext can provide legal advice so if you need it, we do recommend that you speak to a legal professional or data privacy practitioner to discuss your individual needs and establish your policies for data management and processing.

Get your practical guide to GDPR & email marketing


Download the Guide

About the author

Stafford Sumner

An expert in developing businesses through email marketing, Stafford founded Jarrang in 2003, and since then has worked with hundreds of business across the globe helping them grow and succeed.