Riding high on a wave of success with your global business – then BAM – regulations come out of nowhere! It's easy to unwittingly walk into a closed door when it comes to the how, when, and where of legally interacting with your clients. Without excellent guidance, it's all too easy to stray into troubled waters.

Since May 2018, we’ve seen a global campaign to enact a wave of regional data privacy regulations. These regulations are almost all motivated by the same common goal: making digital experiences safer and more secure for consumers. 


How Governments Are Protecting Consumers


The long list of consumer data privacy regulations includes GDPR (Europe's General Data Protection Regulation), POPI (South Africa's Protection of Personal Information), LGPD (Brazil's Lei Geral de Proteção de Dados), and CCPA (California Consumer Privacy Act). Data privacy regulators sure do love those acronyms!

Quick detour: CCPA is unique and deserves some special attention. Unlike the other countrywide or multi-national regulations, CCPA only applies to California residents rather than all United States citizens. Regulation structure in the US allows individual state governments to have mandates that do not apply at the federal level. But because California is such a behemoth – the state lays claim to the world's 5th largest economy and a population of nearly 40 million – businesses across the US have enacted CCPA best practices.

Okay, back to the big picture: what's the impact if you slip up and unknowingly, hopefully not intentionally, breach the terms of a consumer data privacy regulation? Quite a lot, it turns out. Let's use GDPR as an example…


Fines, Fines, and More Fines


There are two tiers of GDPR fines:

1) Less severe infringements – a fine of up to €10 million, or 2% of the firm's worldwide annual revenue from the preceding financial year, whichever amount is higher. That's right, the ceiling starts at €10 million, even for the lesser infractions!

2) More severe infringements – going against the very principles of the right to privacy and the right to be forgotten that are at the heart of the GDPR – a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.

As you can see, these regulators aren't messing around.


But I Still Need to Communicate with My Customers?


Marketing through application-to-person (A2P) messaging is a powerful tool for brands to reach their consumers directly. It can fulfill many purposes, from brand awareness and community building to sales outreach and long-term retention. However, as well-intentioned as your company may be, it’s not a free-for-all. 

The use of A2P messaging – which includes SMS, WhatsApp, Viber, and other channels – is heavily regulated. Legal requirements vary depending on the region. Failing to comply can result in significant reputational damage at best and criminal lawsuits allied with eye-wateringly costly fines at worst.

But let's not forget your customers' attitudes and feelings about how your brand communicates with them. After all, time is the most valuable thing people have, so you need to be sure that your content is of value to them and that your frequency of interaction is a comfortable rate that does not annoy.


Four Steps to Stay Compliant and Keep Your Customers Engaged


Staying on the right side of the law while keeping your customers engaged doesn't have to be arduous. Having a straightforward and easy-to-follow process is the key to making it work. Here are the four steps we recommend any organization take:

Step #1: Only message people who have given you explicit permission to do so – also referred to as having "opted in".

Step #2: Always provide an opt-out option. Zero exceptions. And make the option clear for your customers to see – but of course not so prominent it overshadows the message you are conveying!

Step #3: Maintain a list of all customers who have explicitly opted out. Don't just delete the contact from your approved recipient list. While not an obvious step, it is an important one because sending messages to opted-out consumers is a near-universal violation – that is, of course, unless they opt in again later!

Step #4: Always check your opt-out list before sending your message.

Now that’s much easier than forking over piles of cash for non-compliance.


Stay Vigilant and Collaborate with Compliant Partners


While you always remain accountable for the customer data you hold, partnering with an established business messaging provider can help lessen the burden. 

Find a partner that has your back, knows the messaging landscape, and maintains compliance with global rules and regulations. Prioritize a partner that offers an intuitive omnichannel customer engagement solution that brings together A2P SMS, chat apps, and the channels your customers prefer with unrivaled cost-efficiency.

Lucky for you, we are that partner – Mitto.