Setting up Yotpo SMS & Email to Comply with GDPR
This information is not legal advice. While we do our best to provide useful information as a starting point, Yotpo SMS & Email advises all merchants to obtain professional legal advice to ensure that all marketing campaigns are sent in full compliance with all applicable laws.
If you plan to send SMS or email marketing messages to citizens of the European Union, you must adhere to the GDPR. To do so, follow the few simple steps presented in this article.
What is the GDPR?
GDPR stands for the General Data Protection Regulation, which went into effect in May 2018. It protects the privacy and personal data of individuals within the European Union and addresses data protection and privacy in the European Union and the European Economic Area.
GDPR centralizes the rules and processes businesses must follow in order to protect and respect the interests of European citizens.
How to stay compliant with the GDPR
When sending marketing messages to EU citizens, you must:
- Obtain explicit consent.
- Include a free and available opt-out mechanism at all times.
- Explicitly state your Privacy Policy on your checkout page and all subscriber collection methods.
Obtaining consent
According to the GDPR, shoppers must explicitly agree to receive promotional text or email marketing messages from you. When collecting phone numbers and email addresses on your website through a pop-up or another subscriber collection method, you must clearly state that the individual agrees to receive recurring marketing messages. You must mention that consent is not a condition of purchase and provide links to your Terms of Service and Privacy Policy.
A consumer opt-in to receive messages should not be transferable or assignable, and message senders should not use opt-in lists that have been rented, sold, or shared.
With Yotpo SMS & Email, consent can be obtained at your store’s checkout or via our various subscriber collection tools. All of them are built-in for compliance with all legal regulations and include the required legal verbiage.
Providing an opt-out method
The GDPR requires you to honor customers’ “right to be forgotten” and give them clear instructions on how to opt out, such as an opt-out link in your text messages or an unsubscribe link in your emails. It is important to remember that opting out must be free and available at all times.
Keeping your privacy policy up to date
Your Privacy Policy should be explicitly stated on your checkout page and all subscriber collection methods. There are a few things you must mention in your store’s Privacy Policy to stay GDPR compliant:
- How your brand is collecting and using customers’ data.
- How that data is being secured by you and by any data processors (i.e., Yotpo SMS & Email) you're working with.
- How you enable and support your customers’ rights to understand and control their personal data.
This was our quick guide on staying compliant with the GDPR before sending marketing messages to EU citizens. Don’t hesitate to go to our Knowledge Base for more useful articles, or contact us if you have any questions or feedback.