The 25 May 2018 General Data Protection Regulations (GDPR) compliance deadline is less than a month away and BulkSMS has been busy getting ready. GDPR legislation specifically relates to our clients in EU member states, but it is also applicable for any client sending SMS messages to recipients within EU member states. Due to this, GDPR may well be seen as a new global privacy regime for processing personal data. We expect more and more countries to align their data protection laws in accordance with the EU’s lead with GDPR.

We are putting the final touches to our GDPR compliance preparedness. Our readiness process has taken into account how BulkSMS acts as both a data controller in relation to our clients and a data processor in providing an A2P SMS messaging platform to enable our clients to send communications to intended message recipients.

We have undertaken our data impact assessment and are currently preparing our data impact assessment report, a resource that can be made available to our clients. We have also drafted a Data Processing Addendum (DPA) and are in the process of updating the BulkSMS Terms and Conditions of service to reflect the DPA, which will be effective from 25 May 2018. Furthermore, we have drafted a Data Protection Agreement, based on the EU’s model clauses, for any supply-side contracting for data processing. In getting ready for GDPR we have been moving EU related data to cloud hosted servers in the EU. Nevertheless, we continue to run back-up and business continuity redundancies through our South African operations and as such our terms of service and Privacy Policy set out the protection of personal data when transferred between EU members states and South Africa in the provisioning of our services.

For more information about BulkSMS’s compliance with GDPR, please contact our Data Protection Officer, Dr Pieter Streicher: Managing Director at on or contact our offices.