Profile information Account settings
Logout
Sign up Sign in

The Privacy and Electronic Communications Regulations (PECR)

The PECR is the primary legislation that governs electronic marketing activities, including text message marketing, in the UK. Under the PECR, businesses must obtain valid consent from recipients before sending marketing messages via SMS. Consent should be:

  • explicit

  • freely given, and

  • specific to the intended purpose of the communication

Additionally, businesses are required to provide clear opt-out instructions in every message sent.

Consent is a fundamental aspect of SMS marketing compliance. Businesses must ensure that they have obtained permission from individuals to send marketing messages to them. Consent cannot be assumed. It should be an active, positive indication from the recipient. The burden of proving consent lies with the sender of a message, so maintaining proper records is crucial.

Sending unsolicited marketing messages (ie spam) is strictly prohibited in the UK. Businesses can only send marketing texts to recipients who have given explicit consent or those who have an existing customer relationship. Acquiring contact lists from third-party sources without clear consent is a violation of the PECR.

The UK General Data Protection Regulation (GDPR)

In addition to the PECR, businesses engaging in text message marketing must adhere to the UK GDPR, which alongside the Data Protection Act 2018, largely governs the processing (eg collection and use) and protection of personal data (ie information about individuals from which they may be identified) in the UK. SMS marketing involves the collection and storage of individuals’ personal data (eg their names and phone numbers), which necessitates compliance with GDPR principles.

To ensure compliance with the UK GDPR, businesses engaging in SMS marketing should take heed of the following key considerations:

Obtaining proper consent

As mentioned earlier, obtaining valid consent from individuals is crucial for SMS marketing. Businesses must ensure that they have explicit consent from recipients to send marketing messages. 

Consent should be freely given, specific, and informed. It should not be buried in lengthy terms and conditions or assumed through pre-ticked boxes. Providing a clear opt-in mechanism (eg boxes that must be ticked or buttons that must be clicked) is essential to show that individuals have actively agreed to receive SMS marketing communications.

Transparency and privacy notices

Businesses should be transparent with their customers regarding how their data will be used for SMS marketing purposes. Privacy notices or policies should be provided at the time of data collection, informing individuals about the type of data being collected, the purpose of the collection, and how the data will be processed and used for marketing purposes. It is essential to inform individuals of their rights regarding their personal data.

Secure data storage

Once personal data is collected for SMS marketing, businesses must ensure it is securely stored. Implementing robust security measures is vital to prevent unauthorised access, data breaches, and misuse of personal data. For example, encryption and access controls should be in place to safeguard the data from potential threats.

Data retention policies

Businesses should have clear data retention policies in place to determine for how long personal data will be kept for SMS marketing purposes. Data should not be retained for longer than necessary and, once the purpose for which the data was collected has been fulfilled, it should be deleted or anonymised.

Individual rights

Under the UK GDPR, individuals have various rights regarding their personal data. Businesses should be prepared to address requests from individuals to access, rectify (ie correct), or erase their data. Additionally, individuals have the right to object to the processing of their data for marketing purposes and businesses must honour such requests promptly.

Third-party processors

Businesses might engage third-party processors (ie other organisations that handle data, such as external marketing agencies or cloud storage platforms) to handle SMS marketing campaigns or manage customer data. If they do so, businesses must ensure that these processors also comply with data protection rules. Data processing agreements should be in place to outline the responsibilities and obligations of both parties regarding the protection of personal data.

The overall framework

In SMS marketing, data protection is of paramount importance to maintaining customer trust and complying with legal requirements. By obtaining proper consent, being transparent about data usage, implementing secure data storage measures, and honouring individual rights, businesses can conduct SMS marketing campaigns responsibly and ethically. Taking data protection considerations seriously will not only protect businesses from potential legal consequences but can also foster stronger relationships with customers who appreciate their privacy being respected.

Best practices for UK text message marketing

With concerns rising over data privacy and spam, it is essential for businesses to adopt best practices to ensure compliance with the legal framework set out above. This also helps them to respect recipients’ preferences and to build lasting customer relationships. Here are 4 best practice tips for UK text message marketing:

1. Obtain explicit consent

Obtaining explicit consent from recipients is the foundation of ethical text message marketing. Businesses should use clear opt-in methods and provide information about consent in clear language to ensure recipients fully understand what they are signing up for. Avoid pre-checked boxes and ambiguous language. Instead, make sure users actively agree to receive marketing messages via SMS. 

Implementing a double opt-in process, where users confirm their subscriptions through a follow-up message, adds an extra layer of compliance and demonstrates a commitment to responsible marketing.

2. Ensure transparency and information provision

Honesty and transparency go a long way in building trust with your audience. Provide clear information about a sender’s identity, so recipients know who SMS marketing messages are coming from. 

Additionally, explain the frequency of messages and the type of content users can expect to receive. Transparency helps manage expectations and ensures that recipients understand what value they will receive from subscribing to a service.

3. Conduct proper subscriber preferences management

Allowing users to manage their preferences is crucial for respecting their choices. Offer easy and visible opt-out options in every message so that recipients can unsubscribe effortlessly if they wish to do so. 

Furthermore, empower users by providing options users can use to customise their message preferences. Allowing recipients to choose the frequency of messages or the specific topics they are interested in enhances their engagement and reduces the likelihood of opt-outs.

4. Make policies and processes for data security and retention

Protecting personal data is a legal and ethical imperative. Ensure that all data collected for text message marketing is securely stored and transferred. Implement encryption and access controls to safeguard against unauthorised access or breaches. 

Additionally, set appropriate data retention policies, ensuring that personal data is retained only for as long as necessary for the intended marketing purposes. Dispose of data in a secure and responsible manner once it is no longer needed.

Common pitfalls in text message marketing and how to avoid them

Text message marketing can be a powerful tool for engaging with your audience, but it’s important to navigate potential pitfalls to ensure successful campaigns and maintain a positive brand image. 

Here are 3 common pitfalls in text message marketing and strategies you can use to avoid them:

1. Sending unsolicited messages

Sending unsolicited marketing messages can lead to legal complications, damage to customer relationships, and harm to your brand’s reputation.

Solution: It’s crucial to obtain explicit consent from recipients before sending any text messages. Build a consent-based subscriber list by implementing clear opt-in methods. Clearly communicate the value of subscribing and the type of content recipients can expect. Maintain accurate records of consent to demonstrate compliance if needed.

2. Lack of clarity in marketing content

Unclear or misleading marketing messages can confuse recipients, leading to frustration and opt-outs. 

Solution: It’s vital to ensure that your content is clear, accurate, and aligned with recipients’ expectations. Craft concise and transparent marketing messages. Clearly state the purpose of the message, the sender’s identity, and any call-to-action (eg prompts to make purchases). Avoid using deceptive tactics or false promises that could erode trust.

3. Ignoring opt-out requests

Failing to honour opt-out requests promptly can irritate recipients and harm your brand’s reputation. Ignoring opt-outs also risks violating regulations and damaging customer trust.

Solution: Provide clear and easily accessible opt-out options in every message. Respect opt-out requests immediately and ensure that recipients are promptly removed from your marketing list. Regularly update your opt-out list to ensure compliance.

By avoiding these common pitfalls and implementing best practices, you can create effective and respectful text message marketing campaigns that engage recipients, build brand loyalty, and comply with regulations. Managing your text message marketing campaigns using dedicated text message marketing software can help you carry out these best practices. Remember that ethical and responsible text message marketing is not only legally required but also essential for maintaining a positive relationship with your audience.

Final thoughts

Vigilance and adherence to legal regulations are the foundation of successful text message marketing in the UK. By sidestepping the pitfalls of unsolicited messages, embracing transparency in content, and valuing opt-out requests, businesses can forge a path towards compliance and credibility. 

These practices not only mitigate legal risks but also nurture strong connections with recipients, reinforcing brand integrity and strengthening positioning in the competitive text message marketing landscape.


Alexa Lemzy
Alexa Lemzy
Customer Support Advisor at TextMagic

Alexa Lemzy is a Customer Support Advisor at TextMagic. She is passionate about helping businesses grow through the use of technology.

You can keep up with her latest articles and updates on X (Twitter). In her spare time, she likes to read and travel.

Ask a lawyer

Get quick answers from lawyers, easily.
Characters remaining: 600
Rocket Lawyer On Call Solicitors

Try Rocket Lawyer FREE for 7 days

Start your Premium Membership now and get legal services you can trust at prices you can afford. You’ll get:

All the legal documents you need—customise, share, print & more

Unlimited electronic signatures with RocketSign®

Ask a lawyer questions* and get a response within one business day

Access to legal guides on 100s of topics

A 30-minute consultation with a lawyer about any new issue

33% off hourly rates or a fixed price if you need further legal help

*Subject to terms and conditions