The EU General Data Protection Regulation (“GDPR”) comes into effect on May 25, 2018 and will replace the existing EU data protection law.
GDPR gives individuals control over how their personal information is stored and used by companies.
We recommend reading our Privacy, GDPR and Timely guide first, for more information.
In this guide, we’ll cover how Timely can help you to comply with those requirements:
Disclaimer: The contents of this guide and other related GDPR guides are for general information purposes only and do not constitute legal advice. We recommend talking with your lawyer, or seeking legal advice, about what your business needs to do to be compliant.
Collecting and processing information lawfully
Under GDPR, it is the responsibility of the businesses using the data (that’s you) to prove that an individual’s information is being collected and stored legally/lawfully.
You will need explicit consent to send customers any marketing material via SMS or email. This includes things like newsletters, special offers and other promotional materials. You will need to provide adequate proof that your customers have consented or agreed to receiving marketing messages.
This will apply to any new customers, but will also affect any existing customers added prior to the 25th May, 2018. If a customer's consent was given in line with the regulations (i.e. they gave explicit consent and weren't automatically opted-in), then you don't have to collect their consent again.
If customers were automatically opted-in to marketing messages, you must get consent from the customer before you can resume any further marketing messages. Soliciting consent via SMS or email, after the 25th of May 2018, will directly violate the GDPR regulations.
Customers must be able to consent to marketing communications separately from your privacy policy, and be able to revoke or withdraw their consent at any time.
You can find out more about the lawful basis for processing information on the Information Commissioner’s Office (ICO) website.
Recording and managing consent
In Timely, you can send a variety of messages to customers via SMS (text) or email. A customer’s settings and preferences are recorded in their profile and can be updated at any time. This includes:
- SMS/email reminders*
- SMS/email booking changes*
- Follow up messages
- Rebooking reminders
- SMS/text marketing (Bulk SMS)
- Email marketing (via MailChimp)
SMS/email reminders and booking changes are covered under service-based messages, so as long as these are covered in your privacy policy they don’t require a specific opt-in or additional consent from customers. These settings can always be updated in Timely to suit the customer’s requirements.
As Rebooking reminders and Follow up messages can be used for service delivery or marketing purposes, we recommend collecting explicit consent from customers before sending them these types of messages. This can be done by updating their settings, at the time of their visit.
Our How to set individual reminder settings for customers guide has detailed instructions for updating a customer's notification settings.
Bulk SMS marketing via Timely
Timely has a bulk SMS option that allows you to send a single SMS to all of your customers. At the moment, customers are able to opt-out of receiving those messages by replying with "STOP". Customers will have been opted-in to receive those messages by default.
To comply with GDPR, customers will need to explicitly opt-in to this service - this includes both new and existing customers. Failure to opt out of these messages (by replying STOP to a previous bulk SMS message) is not a valid measure of consent.
Email marketing via MailChimp
If you have the MailChimp connection active, customers will be given the option to opt-in to email marketing via MailChimp when they are booking online.
They can check the box next to “I want to receive emails with the latest news and updates from <Your Business>” to opt in:
Once a customer is subscribed to MailChimp, you can manage their subscription in MailChimp directly: Unsubscribe people from a list. Check out our Troubleshooting | MailChimp guide for more information on managing consent and subscriptions via MailChimp.
MailChimp also have a few guides around GDPR that are well worth a read:
Complying with a rights request
Under the GDPR, individuals also have a number of rights around how their information is used by organisations.
Our How to manage personal information requests guide steps you through those rights and the tools available in Timely to ensure you can comply with them.