How to Stay Compliant with SMS Marketing

Marketing 11 minute read 13th May 2022

SMS has not always been as effective as it is today. It took off as a marketing channel largely because of the dramatic increase in mobile phone ownership. In 2008, less than 25% of the UK population (over the age of 16) owned a smartphone. That percentage rose to a startling 96% by 2021.

As phone ownership grows, it is only natural that marketing channels adapt to reflect this.

But to implement a truly successful campaign, you first need to ensure you are sending SMS marketing under GDPR compliantly.

How to stay compliant with SMS marketing - Img01

What is SMS marketing?

SMS stands for Short Message Service, and each text is limited to 160 characters. SMS marketing involves sending these text messages to subscribers’ phones to keep them informed of the latest brand news, deals, and more.

The directness and brevity of SMS messages give them an edge over alternatives. A 160-character message is quick and easy to read. Consumers are more likely to open and read a text than they are to read a marketing email.

What is GDPR?

GDPR (General Data Protection Regulation) is a European law involving data and privacy regulations. It first came into effect in May of 2018 and has since influenced how businesses approach marketing, particularly SMS marketing campaigns.

Remember, GDPR does not just dictate how and what data you can collect. It also requires that businesses use simple and understandable language to communicate their data approaches to potential subscribers.

GDPR and SMS marketing

When you understand and handle SMS marketing and GDPR with care, you have the prospect of improving your response rates. So don’t treat GDPR compliance as a time-wasting box to tick.

Marketers have quickly come to realize that with people spending an average of 4.8 hours on their phones every day, mobile messaging results in some of the best-read and response rates of any channel.

Text messages are the most direct method of contact. They are delivered to a customer’s phone immediately and directly, which means there is a lower chance of your marketing message being written off as spam before a customer has a chance to see it.

How to stay compliant with SMS marketing - Img02

GDPR SMS marketing step by step

Customers should input their phone number on a form (online or in-person) that clearly states any terms and conditions they might need to know.


Whenever you have a new person join your subscriber list, you should disclose certain information.

  • Let them know who you are
  • Tell them about any messaging or data fees that may apply.
  • State how often they will be receiving messages from you.
  • Make it clear how they can opt-out.


Keep your message clear and simple with opt-ins for different marketing channels separated.


Subscribers should be able to opt out any time they choose, and the process of how they can do this should be made obvious with regular instructional messages.

Once you’re sure your SMS marketing campaign is compliant, it’s time to ensure it performs well. Find out what metrics you should be tracking and what they mean for your campaign here.

Key GDPR rules to be aware of when SMS marketing

  • The opt-in option must be explicit. That means no pre-ticked SMS subscription marketing boxes.

If you want to use text messages as part of your campaign, you need explicit consent to do so. Sending messages without this consent could be classified as a form of harassment.

A company that engages in SMS marketing without obtaining permission from customers could be seen as spam and would violate GDPR.

  • You should always let customers choose which (if any) marketing channel they would prefer your business to contact them via. Take care to contact them according to this preference, not only because of GDPR but also because contacting a customer in the way they have requested tends to result in a better response rate.
  • Opt-ins should be specific. You can’t have an opt-in section for all marketing, you’ll need to have one that is just for SMS if you don’t already.
  • Opt-out mechanisms should be clear and simple. Customers should know that they can withdraw SMS marketing consent at any time and it should be easy for them to do so.

This means you need to have an opt-out option included in the text messages you send. If you are sending monthly texts to your consumers, you should also send instructions on how to opt-out should they wish to every month also. These instructions don’t have to be overly complicated though. You can write STOP or HELP with a link for them to complete the opt-out process.

You should also include an obvious link or option to opt-out on your website. Your terms and conditions should also clearly state how to opt out of SMS marketing.

  • Personal data. The new GDPR rules require that companies manage their customers’ personal data with care. For example:
    • Keep a clear record of data held and permissions to use.
    • Consider if you need to refresh permission to hold data (especially for SMS marketing)
    • Ensure stored data is kept up to date and not held unnecessarily. Clearly define how long any personal data will be stored.
    • Shore up data security (on both human and technological ends).

Sending SMS marketing under GDPR

It’s true that understanding GDPR and SMS marketing can be confusing. But it is worthwhile spending some time wrapping your head around these regulations.

SMS marketing can be a useful part of any business’s arsenal. And when you know what you are doing, GDPR can work alongside you to improve marketing methods and effectiveness.

While previously used tactics may have resulted in a larger initial contact list, it didn’t necessarily translate to a great response rate. For instance, having pre-ticked SMS subscription boxes on forms may have allowed businesses to legally contact more people via message, but how many of these individuals would respond or even open these messages?

Why does GDPR compliance matter for SMS marketing?

People today spend an increasing amount of time online. If you want to keep your customers happy, it is best to tackle marketing and GDPR with honesty. Let your customer know what happens to their data and how long you store it. Ensure that they know which things they can opt-out of and how to do so.

A subscriber that feels they can trust you with their information is more likely to be happy with your business and is more likely to become a (returning) customer.

Some businesses assume that easy and honest opt-out messaging will negatively affect their marketing numbers, but this simply isn’t true. Many businesses experience a positive reaction when they create this rapport with customers. Ultimately, customers today interact with hundreds of different companies and are becoming increasingly critical as a result. being open and truthful often results in

Is SMS marketing effective enough?

According to Finances Online, 48% of consumers selected SMS as their preferred method of contact for brand updates.

But this doesn’t mean that you shouldn’t use other marketing methods as part of a wider strategy. GDPR requires that businesses let consumers choose the method of contact they prefer, whether that is SMS, email, or something else.

And you will generally get the best results if you listen to your customers. For more information on how to create a targeted and successful email campaign, visit Beambox.


Ultimately, the best campaigns involve several different marketing channels. This way, you can reach out to your potential consumers in multiple ways. To elevate your marketing approach, and ensure you remain GDPR compliant, give subscribers the chance to choose how they prefer to be contacted.

Grow your business and customer loyalty with guest WiFi!

Related posts