Author: James O'Hare, 2022-09-14

Keeping your data safe: GDPR measures at LINK

Working in the messaging space requires you to be familiar with GDPR and how it impacts your day-to-day activities. Explore how this is applied at LINK in our latest blog post.

In complex data ecosystems, like the messaging industry, GDPR aims to establish consumer trust. As a result, businesses will be able to live and thrive within the digital economy by understanding how to nurture trust instead of exploiting it.

Consumers now consider enterprise messaging to be "the norm" for many types of communications. Customer service notifications, marketing and promotional deals, two-factor authentication messages when creating an online account, and everything in between makes the list. In fact, GDPR affects any communication tool that stores personal data, including SMS, MMS, RCS, OTT channels, voice, and video.

For companies engaged in messaging, GDPR dictates what you need to do if you process personal data (including storage of metadata from communications). GDPR lays down the legal requirements for the processing of personal data (like obtaining consent or using legitimate interest). However, it does not specifically state whether you can communicate with consumers in any given scenario, as that depends on the communication flow and might be covered, for example, by the implementation of the ePrivacy Directive.

Our commitment: What GDPR means for our customers

Since 2018, LINK has continuously been implementing a privacy control framework, reviewing its processing procedures, and evaluating how it stores and retains data in its systems in accordance with GDPR principles. These measures include privacy by default and by design, a data inventory, and privacy impact assessments.

LINK has a Legal and Compliance core team comprised of senior members of the Legal, Compliance, and Data Protection teams that work together with Product and Technical teams, dedicated to ensuring that LINK is GDPR‑compliant. Data security and protection are essential components of compliance with privacy laws. For every new product, we are set to apply the Data Protection by Design principles.

For example, the requirements encompass data flows, exact storage locations and retention periods. We are able to minimise both the extent of the data stored and the length of storage to the required minimum.

LINK also appointed a Data Protection Officer who continuously monitors and audits the state of privacy implementation in LINK. If you have any questions regarding privacy, you are always able to contact LINK’s DPO at dpo@linkmobility.com.

To learn more, read our privacy statement, which covers in detail how and why we collect data and how we handle our data at LINK.

Mobile Messaging: How to Stay Compliant with GDPR

A business can future-proof itself by keeping its data strategy aligned with data protection under GDPR. Use the checklist below to ensure that you’re keeping compliant, while keeping customer data secure.

1: Clearly communicate opt-out and opt-in options

The GDPR compliance requirements for mobile marketing are the same as those for email marketing. Opt-ins can be relatively easy once you publish your company’s business mobile number and customers can text in a particular keyword (e.g., SUBSCRIBE) to consent. For recipients to stop receiving messages, it is as simple as responding STOP or NO. You must always give customers the option to opt out, even after they have given consent.

Here are some effective opt-in and opt-out examples:

Opt-in examples:

"Hi! You’ve opted into LINK Mobility’s SMS services. Please reply with YES to confirm."

"Want improved customer service? Text YES to (XXX) XXX – XXXX to opt into our business text messaging services."

Opt-out examples:

"Hello, this is LINK Mobility! Don’t forget to read about our latest WhatsApp offers, tailored for your local market, available on our website. Text END to stop receiving texts."

"Reminder! Our monthly LINK Mobility newsletter is now available via email. Text STOP to unsubscribe."

2: Avoid collecting too much information

Mishandling personal data can also be prevented by not collecting it in the first place! So, don’t collect data that you don’t need.

3: Let Customers Choose Their Communication Method

When it comes to mobile marketing GDPR rules, merely collecting a phone number does not always give you permission to use it in any scenario. In addition, depending on the communication scenario, you could be required to ask people if they would like to receive communications from you on the channel you reach out on (i.e. SMS, WhatsApp).

4: Protect personal information by limiting access

Secure servers should always be used to store personal data. Additionally, you should limit the people who have access to it to a minimum. Access and use of personal data should only be permitted to those who genuinely need it and have the appropriate authority.

5: Keep Customers Informed

Just as you are in some cases required to gain consent, you need to also keep your customers informed about the types of information they receive when opting in. Be clear about what they can expect from you: news, coupons, special offers, or general information about your business.