GDPR and sending SMS messages: what you need to know.

mdsojolh43 · Post by **mdsojolh43** » Sat Jan 04, 2025 7:07 am

is important to emphasize here that, although we have checked each of our sources and are confident in our interpretation, this article does not constitute legal advice.

Questions are increasingly coming back to us: " will I still be able to send SMS to my customers with the entry into force of the GDPR ( General Data Protection Regulation or GDPR in France) ?", but also " will I have to ask my customers for explicit authorization so that they can receive my messages ?".

Long story short, the answer to the first question is yes: you will be able to continue sending SMS messages to your customers. And no, to answer the second question, you will not necessarily need to ask your customers for permission again to send your messages.

However, it is essential to familiarize yourself now with the basics of the GDPR to ensure that you will be compliant with the law.

GDPR Basics

The General Data Protection Regulation, or GDPR, will come into force on 25 May 2018, replacing the data protection legislation used in all EU countries. We will focus on one aspect of the GDPR in particular: having a legal basis for processing personal data.

What does “processing of personal data” mean?

To concretely measure the impact of the European regulation on the panama whatsapp list protection of the data that you process, start by accurately identifying your personal data processing. The development of a processing register allows you to take stock. ( source: CNIL )

Your customer database, as well as all SMS (or emails and messages) sent to people from your database will be considered as 'processing'.

What are the bases of this law?

This is the justification you will have when processing your data. There are six steps to prepare for this new regulation that protects personal data. Note that none of these steps is more or less important than the others. For more information on the subject, please consult the pdf provided by the CNIL.

Will you need your customers' consent to communicate with them after GDPR comes into force?

Not necessarily. The two legal bases for communicating (which we believe will concern the majority of companies in the processing of their data will fall under consent and legitimate interests). More information here.

Each processing operation – such as sending a newsletter to an existing customer – will have to be confronted with three different questions:

1) Do you have a legitimate right to send this message? Does this include the need to sell some of your other products/services or to promote wider use of an item purchased in the past?

2) Do you need to send a message to achieve any of these goals? If the same result can be achieved by a less intrusive means (such as a customer visit to your website), then this action will not be legitimate.

3) Are you going to send a message that goes against the interests, rights and freedoms of the individual (and recipient of the message)?

These three questions make up the Data Protection Impact Assessment (PIA) that you will need to be able to complete before the GDPR comes into force. You can find a more detailed explanation and the necessary tools here .

What do you need to know about the new regulations regarding electronic communications?

Just as the GDPR will replace the current legislation, the current Privacy and Electronic Communications Regulations ( here for more information ) will also be replaced. These new regulations will cover the rules relating to electronic communications such as emails, SMS, automated voice, etc. However, the implementation of these new regulations will not take place until 2019, and you will need to continue to comply with the current requirements for now.

In conclusion

Unless you work in the public sector (which involves different regulations), it is very likely that your existing customer communications will continue uninterrupted if you comply with the new measures in force.

This new regulation will need to be included in your privacy policy, something we will provide more information on very soon. It is essential to take a different approach to each of your lists of potential customers and prospects. You will find that consent is probably the most appropriate legal basis. We will publish a guide on obtaining consent very soon.