The GDPR requirements demand companies gain consent before collecting or processing personal data. There are requirements for how that consent can be requested.
For example, a person can consent through a check box on a web form or by email. Consent must be obtained in an easy-to-read format and allows the user control over the choice. For example, consent is rendered invalid if it is required to use a service or receive a resource like a whitepaper.
Requesting consent can be achieved through a variety of opt-in methods. Apps and websites can provide onscreen explanations or pop-up notifications to show users what data is being collected and explain what happens after submission. GDPR specifically prohibits the use of pre-checked options—so be sure to avoid using them.
Additionally, GDPR requires organizations to protect private data and keep records of how data and consent were obtained. Consent without supporting documentation is considered invalid.
Here are a few requirements when collecting opt-ins for WhatsApp
- A user must first consent to receive messages in WhatsApp by opting into them via a third-party channel, such as your website, app, email, SMS, retail location, etc.
- The opt-in must be an active opt-in. This means it must be triggered by a user action, such as entering a phone number or checking a box to indicate consent.
- Clear opt-in messaging so that a user knows what type(s) of messaging the person is signing up for.
This is how you share the mobile phone number (opt-in) between the Facebook Business Manager Account and your customer’s consent.