Discover how our products can revolutionize the way you communicate and collaborate.


Explore our advanced voice solutions designed to optimize your communication workflows.

Diverse range of DID number solutions designed to enhance your communication capabilities.

Experience unparalleled communication efficiency with our advanced SIP Trunking Solutions.

Cutting-edge technology to proactively detect and neutralize spam flags on your DID Numbers.


Wherever your audience is, our platform ensures seamless messaging across diverse channels.

Build customer journeys by fostering interactive conversations, all within the framework of your app. 

Connect with your audience in a simple and effective way through our cutting-edge SMS platform. 


Harness the power of IDT as your chosen carrier while leveraging your platform’s advanced features and services.

Integrate Twilio with our robust carrier routing platform to achieve unparalleled Voice termination system.

Experience reliable and high-quality communication services while leveraging the advanced capabilities of Genesys. 

Integrate IDT with the collaborative strength of MS Teams, unlocking efficient and feature-rich communication. 

Experience the power of our carrier network seamlessly connected to Plivo through our cutting-edge BYOC solution. 


Experience the power of our online voice tools, designed to simplify communication management. 

Ensure the authenticity and integrity of outbound calls with our STIR/SHAKEN Verification Check tool. 

User-friendly tool to verify the reputation of your business number, ensuring that it remains trusted. 

Compare and gain insights into outbound call expenses, optimize budget, and make informed decisions. 

Easily estimate and compare the costs associated with different DID numbers providers. 

Compare inbound VoIP rates among top CPaaS providers and optimize your inbound call costs. 

Generate custom SMS templates. 


Empower yourself with the resources you need to thrive in the dynamic landscape of communication.

Articles covering a wide range of topics.

Get answers to common queries.

Find instructions to make the most of our products.

Discover telecom insights and trends.

Find definitions of popular telecom terms.

Explore how our solutions have helped businesses.

Latest telecom trends, innovations, and market insights.


A global telecom partner built to meet your needs. 

Discover the story behind our commitment to delivering innovative solutions to connect people and businesses worldwide. 

Learn about our robust network infrastructure that spans across the globe, ensuring reliable and secure connectivity. 

Got a question, feedback, or need assistance? Our dedicated team is here to help!

Find partners or sign up for partnership programs.

Learn / Blog

SMS Data Privacy Under GDPR: Best Practices Unveiled

|  6 min
In this article

The European Union’s General Data Protection Regulation (GDPR) has permanently changed the marketing landscape the world over – and SMS marketers need to pay close attention to ensure they are 100% compliant 100% of the time. 

GDPR compliance is nothing short of essential, as being found to be in violation of the rules can lead to huge fines and ruinous consequences for your business. 

As an SMS marketer, you may have already gone through the hard work of identifying your target audience and capturing their phone numbers. You may have already strategized your campaign, and even crafted the copy for a string of SMS messages for every lead and customer in every stage of the sales and marketing funnel. 

But, before hit send on a single one of those text messages, it is paramount that you review your campaign and confirm without a shadow of a doubt that you are absolutely GDPR compliant. 

We don’t mean to scare you. And in fact, there’s no reason whatsoever that you can’t launch highly rewarding SMS marketing campaigns and win lots of new customers for your business. Indeed, SMS marketing is an extremely powerful channel. Recent figures from Grand View Research reveal that the US SMS marketing market is growing at a CAGR of 20.3% from 2019 to 2025, when it will be valued at $12.6 billion. 

(Image source: grandviewresearch.com)

What’s more, 91% of customers say that they want to receive SMS messages from businesses, and 56% do so already. 

Nonetheless, before you can give these customers what they want, it’s crucial that you understand precisely how you can do so in a way that ensures your campaigns are GDPR compatible. 

Thankfully, you’re in the right place. In this blog post, we’ll take a deep dive into the General Data Protection Regulation and explain what you need to know about obtaining consent, data collection, and maintaining a robust and GDPR compliant data privacy policy for your SMS marketing campaigns. 

What Is the GDPR? 

The General Data Protection Regulation is a regulation enforced by the European Union (EU) that governs data privacy and security. Implemented in May 2018, it’s considered one of the strictest privacy laws in the world.

The GDPR applies to any organization processing the personal data of EU residents, regardless of whether or not the organization itself is located in the EU. This means that the GDPR has global implications for businesses with international customers. For example, a business in the US that serves customers in France, Germany, or any other EU country must abide by the rules of the regulation to avoid penalties.

These penalties can be huge. For severe violations of the regulation, fines can be as much as €20 million or 4% of annual turnover – whichever is higher. So, it’s safe to say that all marketers that deal with EU citizen data need to take the GDPR very seriously indeed. 

What the GDPR Means for SMS Marketing

The GDPR applies to SMS marketing just like it does with any other form of digital communication. Here are the key elements that SMS marketers need to remember. 

Gone are the days of pre-checked boxes or implied consent. Businesses must now acquire explicit, freely given consent from individuals before sending them marketing messages. This means clear opt-in mechanisms that mention SMS marketing specifically.

Transparency Matters

The GDPR requires organizations to inform individuals about the intended use of their collected phone numbers, which includes the type of marketing content they can expect to receive via SMS. In addition, a clear and accessible privacy policy outlining your organization’s data collection practices is mandatory.

(Image source: emotive.com)

Opt-Outs Must Be Offered 

The GDPR doesn’t dictate the specific method, but businesses must provide a clear and straightforward opt-out option within every SMS message they send to customers. Businesses must then respond to opt-out requests as promptly as possible and cease sending SMS marketing messages to the customer immediately.

Data Security Takes Priority

Mobile phone numbers are considered personal data under GDPR. As such, businesses must implement appropriate technical and organizational safeguards to protect this information from unauthorized access, loss, or misuse at all times. 

Best Practices for GDPR Compliant SMS Marketing 

Remember, the GDPR doesn’t ban SMS marketing. Rather, it ensures that individuals have control over their data and only receive marketing messages they’ve actively opted-in to receive.

Here are the best practices you should adhere to when conducting your SMS marketing. Following them will make sure your campaigns remain legal, while maximizing your chances of commercial success.  

Obtain Explicit Opt-ins 

Since consent is king when it comes to the GDPR, all SMS marketers must make sure that customers actively opt-in to receive SMS marketing messages. This means that you cannot rely on any form of assumed or implied consent from prospects and customers. You cannot, for example, use pre-ticked checkboxes that state the customer is happy to receive texts from you. The reason is that the customer has to then actively opt-out by un-ticking the checkbox, whereas the regulation mandates the customer needs to actively opt-in by ticking it themselves. 

Some ways in which you might obtain proper consent include having the customer:

  • Click an opt-in button or link online
  • Select from equally prominent yes/no options
  • Respond to an email requesting consent
  • Sign a consent statement 

You also cannot assume consent just because a customer has provided their mobile phone number. Again, even with their phone number, you must obtain the customer’s explicit consent to use it to contact them via text before you do so.

Offer Easy Opt-outs

Once you’ve obtained a customer’s consent to send them SMS marketing messages, you cannot then assume you have their consent forever. A customer may change their mind at any time. As such, it is imperative you have measures in place to make it as easy as possible for them to opt-out of all SMS marketing campaigns.

Typically, to comply with this rule, businesses sign off text communications by saying something like “Text ‘STOP’ to 1234 to opt out from all text message marketing”. Another option is to include a link to the customer’s account from where they can easily unsubscribe or adjust their consent options. 

No matter how you do it, as soon as a customer’s consent is retracted, you must immediately remove their phone number from your SMS marketing lists. 

Maintain a Robust Data Privacy Policy

Crafting a robust data privacy policy is crucial for GDPR compliance. More than this, however, it’s paramount to fostering trust with your audience. 

Here’s how you can ensure your privacy policy is not just compliant but also transparent and user-friendly.

Regular Updates 

Your privacy policy should not be a static document gathering virtual dust. Keep it dynamic by revisiting and updating it regularly, especially when there are changes in how data is handled. This demonstrates your commitment to transparency and compliance with evolving regulations.


Make sure your privacy policy is easily accessible. Provide a link to it whenever customers subscribe to your SMS marketing campaigns. Additionally, ensure it is prominently displayed on your website and consider including a link at the end of each SMS message for easy reference.

Comprehensive Content

Your policy should cover all the bases required by GDPR. This includes clear explanations of how data is collected, processed, and stored. 

Clarity and Simplicity

GDPR mandates that privacy policies be presented in “clear and plain language.” Avoid legal jargon or overly technical terms that might confuse your audience. Instead, strive for simplicity and clarity so that everyone, regardless of their level of technical expertise, can understand how their data is being handled.

Responsiveness to Change

As your business grows and evolves, so too may your data handling practices. Each time there’s a change in how data is processed or stored, update your privacy policy accordingly. Transparency is key, and your privacy policy should always reflect the current state of affairs regarding data handling.


Your privacy policy should serve as the go-to resource for customers seeking information about how their data is processed and where it resides. By being transparent about your data practices, you build trust with your audience and demonstrate your commitment to respecting their privacy rights.

Craft GDPR Compliant SMS Marketing Campaigns with IDT Express

By following these best practices, you can navigate the GDPR landscape with confidence and craft SMS marketing campaigns that are both effective and compliant.

IDT Express offers a suite of solutions designed to streamline your SMS marketing efforts, including reliable message delivery and insightful analytics. Together with a commitment to data privacy, you can unlock the power of SMS marketing to connect with your EU audience and achieve your marketing goals.

To learn more about how IDT Express can help you launch and succeed with GDPR compliant SMS marketing campaigns, book a meeting with our experts today

Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *


Meet our wholesale voice routing

Fulfill all your voice calling needs with our category leading wholesale A-Z Voice Termination.
Try IDT Express for a $25 Credit

Get $25 Free Trial Credit

Get IDT Express articles in your inbox

The best source of information in the telecom industry. Join us.

    Most Popular

    |  7 min
    Introduction to Toll-Free Forwarding In today’s fast-paced business landscape where...
    |  7 min
    Introduction to Caller ID Reputation Caller ID reputation is a...
    |  6 min
    The European Union’s General Data Protection Regulation (GDPR) has permanently...