TCPA, CTIA and GDPR

GDPR Compliance

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

GDPR Compliance

In order to send text marketing and automation messages you need to have legally gathered the client's phone numbers first. When talking about legally we refer to the customer giving you an explicit "Prior Written Consent". SMSBump offers 2 different ways for Store owners to legally gather the prior written consent.

  • • Opting in through the checkout
  • • Opting in through our subscription form

The most important things we need to know here are:

  • • Customers need to agree to your Privacy Policy that needs to be explicitly stated on your checkout page
  • • Opting in through our subscription form
  • • All agreement forms must be made "clear and conspicuous" prior to customers giving consent

TCPA

The TCPA, or Telephone Consumer Protection Act, is a federal law regulating promotions and messaging by phone.
It includes the following major points:

  • You must have express consent before messaging.
    • Solicitation messaging requires proof of written consent. Evidence may include electronic opt-ins via mobile keyword and online sign-up pages. Written consent may be evidenced by paper sign-up forms explicitly describing SMS messaging content.
    • Non-solicitation messages (e.g., internal communications, emergency alerts) require documented written or verbal consent.

 

  • Solicitation messages may be sent only from 8:00 a.m. to 9:00 p.m., recipient’s time.

 

  • You should make sure your message frequency matches your disclosures.
  • You must only send message content that matches what the subscriber initially opted in to receive.
    • For example: If a subscriber texted your mobile keyword to only receive account alerts, you cannot send them marketing material as well.

 

  • Messaging programs must allow opt-outs by any reasonable means, and senders may not restrict opt-out methods.

 

  • Every TCPA violation is subject to a fine of up to $1,500 per message sent per recipient.