The incoming General Data Protection Regulations is an EU wide law which aims to increase protection all of our personal information. Any company who hold the personal data of their employees or their customers must now make a number of changes to ensure compliance with the law. If you are one of the thousands of businesses who use Bulk Text as part of your marketing mix you must ensure that your Bulk Text service has also taken steps to ensure compliance. This is regardless of whether they are in the EU or not.
However, the problem is that lower cost International Bulk Text services are not legally bound by the GDPR laws and do not have to comply if they do not wish to. This could lead to your business being penalized either 4% of turnover or €20 million.
We would advise you ask your international supplier a couple of questions. If you are not satisfied with the response, maybe think about switching to a Bulk Text suppliers within the EU.
Here are four GDPR rules to consider and ask your Bulk Text supplier:
Right to Access
Part of the expanded rights of data subjects outlined by the GDPR is the right for consumers (called ‘data subjects’) to obtain confirmation from your business confirmation whether or not personal data concerning them are being processed, where and for what purpose.
If you are using an international company outside the EU you must disclose this if your customer requests. So if they ask ‘where are you holding my name and mobile number for your text marketing?’ and you say ‘ehh a company in India’. The consumer will not be very happy about this as their data is being held outside the protection of GDPR.
Breach Notification
Under GDPR, if your Bulk SMS supplier if hacked and customer information is stolen, you must be informed within 72 hours. Do you think this is likely with a company that is thousands of miles away and isn’t legally bound to do this?
Consent
Getting consent from your customers is your responsibility. We have written a blog about ensuring your consent is GDPR compliant HERE. However, you must provide an opt-out mechanism for your customers. For example; Sendmode has a website (http://stoptxt.net ) dedicated to opt-outs where consumers can enter their mobile and delete themselves from any lists. Totally free and easy for consumers to use.
If your supplier does not provide an opt-out mechanism, we would advise moving immediately as it is a key requirement of GDPR.
Right to be Forgotten
Consumers have the right to ask for all their information to be removed from a database and ‘forgotten’. This is a key requirement of GDPR and is designed to stop consumers’ information being sold on to other companies.
If you have any concerns about your Bulk Text suppliers and if they are GDPR compliant, please consider switching to an EU supplier. It only takes one complaint to get your business in trouble with GDPR.
Saoirse
