Data compliance has been part of responsible SMS marketing in South Africa for a while now. First there was WASPA (the Wireless Application Service Providers’ Association) and more recently, POPIA. Because of the serious consequences of not being data privacy compliant, marketers must keep this in mind when planning and executing campaigns.
In this blog post, we’ll look at common data compliance pitfalls marketers land in when using SMS incorrectly and point out how to prevent this from happening. Though compliance worries aren’t unique to text messaging, this channel can easily become the weak link in your strategy if not managed properly. So, let’s jump into it.
Why Data Compliance is a Big Deal
Data compliance keeps the public safe, and businesses that appreciate this fact see it as an opportunity and not just an obligation. Though legislation like POPIA also promotes better marketing, non-compliance is a major risk for any business. This is especially relevant now that regulators are ready to enforce penalties.
So, where do marketers slip up most? And more importantly, how do you avoid making these mistakes in the first place?
Common Data Compliance Traps
1. Failing to Get Consent
Because SMS is a form of electronic direct marketing, you must get consent from contacts before you start sending them promotional messages.
Fortunately, there are clear criteria for consent to be valid – but be aware of how they apply to SMS. For instance, you must list the channels you plan to use for marketing. If you’re asking for consent in email, but you want to market via SMS, you will have to explain that the same contact data will be used for SMS marketing.
For a more detailed overview of consent requirements in direct marketing on digital channels, download our POPIA guide.
2. Forgetting an Opt-out
According to WASPA, SMS marketing in South Africa must incorporate a functional way to opt out. This includes giving contacts the ability to opt out on the same channel you’re marketing on and sending them a clear confirmation that they’ll no longer receive your promotional messages.
Weaving opt-out instructions into your text messages can be a challenge – especially with the 160-character limit – but it will help you stay compliant.
3. Contacting Ex-Subscribers
Businesses may not market to contacts who have opted out of their lists. So, this is a completely avoidable misstep that hurts your brand and compliance status at the same time.
Marketers run into this by not managing unsubscribes properly. Wrong actions include leaving unsubscribed contacts on messaging lists or re-adding ex-subscribers when manually uploading contacts. That said, these are often honest mistakes due to human error.
Communication platforms like Everlytic help you to automate common database management actions, like uploading and updating lists. This approach eliminates potential human error and reduces compliance risks.
Everlytic also gives you a clear overview of customer contact data and provides detailed status updates on SMS subscribers, including bounces and unsubscribes.
4. Neglecting Data Security
Securing SMS contact data may be a technical challenge but consider it in relation to the cost of not keeping your customers’ information safe. If your database is breached, you will have to notify the Information Regulator and the contacts whose information was exposed – within a specific timeframe.
Furthermore, you’ll have to follow that up with a plan to limit the damage caused by the breach – and have an effective strategy to prevent it from happening again.
Avoid this scenario by taking responsible steps to beef up security. This includes using a communication platform that’s penetration tested, audited, and designed to mitigate the OWASP’s top 10 security risks – like Everlytic.
5. Buying Uncompliant Lists
Building a large, compliant database isn’t easy, and some marketers buy contact lists to access specific customer bases. This comes with major risks under POPIA and is not good marketing practice.
If you have any doubts about whether your list is compliant, rather reach out to each contact on that list and ask them to consent to your messaging (or see some of the clever suggestions in our POPIA guide). This may come with the drawback of losing subscribers, but you wouldn’t be allowed to market to them without the necessary permissions anyway.
The five pitfalls we’ve discussed are largely avoidable if you prioritise data compliance in your SMS marketing from the start. Businesses that embrace this need as a key part of their strategy see it as an opportunity to improve their processes and better serve their customers.
For a more detailed overview of POPIA and its influence on database management and direct marketing, download our POPIA guide.
Disclaimer
The content of this blog post does not constitute legal advice of any kind. Because legislation like POPIA includes many potential applications and exceptions, rather consult legal experts when planning your compliance strategy and / or dealing with data compliance issues.
