Respecting customer privacy and managing consent properly is essential for sustainable messaging. DMLY provides the tools you need to collect, manage, and honor user consent — helping you stay compliant with GDPR (General Data Protection Regulation) and other data protection regulations.

What is GDPR?

The General Data Protection Regulation (GDPR) is a European data privacy law that governs how personal data is collected, processed, stored, and used.

Even if your business is not located in the EU, GDPR may apply if you:

• Process data of EU residents

• Send marketing messages to EU customers

• Store personal data internationally

Key GDPR Principles

When using DMLY, you should follow these core principles:

1. Lawful Basis for Processing
   You must have a valid reason (e.g., consent, contract, legitimate interest) to process personal data.

2. Explicit Consent for Marketing
   Users must clearly opt in before receiving promotional messages.

3. Data Minimization
   Only collect the data you actually need.

4. Right to Access & Deletion
   Users can request access to or deletion of their data.

5. Transparency
   Users must know how their data will be used.

Consent Collection Best Practices

To remain compliant, ensure that:

• Contacts explicitly opt in before being added to marketing segments

• You store proof of consent (e.g., timestamp, source)

• You clearly explain what type of messages they will receive

• You provide an easy opt-out option

WhatsApp Marketing & Consent

WhatsApp requires businesses to:

• Send marketing messages only to opted-in users

• Include clear opt-out instructions

• Respect unsubscribe requests immediately

Recommended Template Footer:

Reply “STOP” to unsubscribe from our updates.

Opt-Out & Unsubscribe Management in DMLY

DMLY supports automated opt-out management:

When a Contact Sends:

• STOP

• Stop

• stop

DMLY can automatically:

• Apply the Unsubscribe tag

• Remove them from marketing segments

• Prevent future promotional broadcasts

This ensures compliance and protects your WhatsApp quality rating.

Segmentation & Consent Control

You should always:

• Create a marketing segment

• Exclude contacts with the tag: Unsubscribe

• Select the correct workspace when sending broadcasts

Example segment rule:

• Include: Marketing Contacts

• Exclude: Unsubscribe

This ensures only consenting contacts receive campaigns.

Data Access & Deletion Requests

Under GDPR, users can request:

• A copy of their data

• Correction of incorrect data

• Deletion of their data (“Right to be Forgotten”)

In DMLY, you can:

• Export contact data

• Edit contact details

• Delete contacts permanently

Always respond to such requests promptly.

Data Storage & Security

DMLY implements:

• Secure data handling

• Role-based access controls

• Workspace separation

• Controlled user permissions

You should:

• Limit staff access to only necessary data

• Avoid exporting sensitive data unnecessarily

• Use strong authentication practices

Consent Record Keeping

For compliance tracking, consider storing:

• Consent source (e.g., Website form, Event, WhatsApp)

• Date of opt-in

• Campaign name

• IP address (if applicable)

You can use Custom Attributes in DMLY to track this information.

Example:

• ConsentSource: Website Form

• ConsentDate: 2026-02-15

What to Avoid

• Uploading purchased contact lists

• Messaging users without explicit opt-in

• Ignoring unsubscribe requests

• Re-adding unsubscribed contacts without consent

• Sending promotional messages outside approved templates

Beyond GDPR

Other regulations you may need to consider:

• CAN-SPAM (USA)

• PECR (UK)

• LGPD (Brazil)

• POPIA (South Africa)

The core principles remain similar:

• Consent

• Transparency

• Opt-out control

• Data protection

Best Practices Summary

Always collect explicit consent
Include opt-out instructions in every marketing message
Automate unsubscribe tagging
Exclude unsubscribed contacts from campaigns
Keep clean, organized segments
Respond quickly to data requests