GDPR and WhatsApp marketing
The GDPR fully applies to WhatsApp marketing: phone numbers are personal data and their promotional use requires a legal basis, typically explicit consent, plus a transparent privacy notice, the ability to withdraw, data minimization and processing agreements with the providers involved. Violations expose you to fines from the data protection authority, on top of Meta's penalties.
The key obligations: collect free, specific and documented consent for promotional communications on WhatsApp, where Meta's required opt-in and GDPR consent converge; publish a notice with purposes, retention periods and rights; honor withdrawals and deletion requests without delay; record the processing in the register. The platform you use acts as a data processor and must be bound by an agreement under Article 28.
On transfers, data handled through Meta may move outside the EU under the standard contractual clauses and the current EU-US framework, and the business must account for this in its notice. Frequent mistakes to avoid: importing address books collected for other purposes, using purchased lists, continuing sends after a STOP, keeping conversations longer than necessary. The guiding principle is demonstrability: every consent must have a date, a source and the text shown.
SendApp helps on the operational side: consent and source can be recorded on every contact, and opt-out is automatic via keywords, so every send stays documentable.
Related terms
Frequently asked questions
From theory to practice
Everything you read in this glossary can be done with SendApp: try it free, no credit card required.