← Back to blog
Legal 7 min read1 May 2026

Is it legal to ask customers for reviews via WhatsApp? GDPR and best practices

Resolve all legal questions about sending WhatsApp messages to request reviews: what GDPR says, which legal basis applies and how to do it correctly.

The question that holds many businesses back

«Can I send a WhatsApp to my customers asking for a review?»

The short answer is: yes, in most cases, if done correctly. The longer answer requires understanding the applicable legal framework.

Note: This article is for informational purposes only and does not constitute legal advice. Consult a data protection specialist for your specific situation.

What legal framework applies in the UK?

  1. UK GDPR (retained from EU GDPR): regulates the processing of personal data, including phone numbers.
  2. Privacy and Electronic Communications Regulations (PECR): specifically regulates electronic marketing communications (including WhatsApp messages).

The legal basis: consent or legitimate interest?

Explicit consent (Art. 6.1(a) UK GDPR)

The customer has expressly agreed to receive communications from the business. This is the safest approach.

How to obtain it: in the contact form, booking form or purchase receipt, the customer agrees to receive WhatsApp communications.

Legitimate interest (Art. 6.1(f) UK GDPR)

Asking a customer for feedback on a service they've just received can qualify as legitimate interest, especially when:

  • The phone number was voluntarily provided by the customer.
  • The communication directly relates to the existing commercial relationship.
  • The customer can easily object.

Important: legitimate interest requires balancing the business interest against the customer's rights. Explicit consent is always stronger.

PECR and unsolicited communications

PECR restricts sending unsolicited marketing messages by electronic means without consent. However, asking for a review isn't strictly a marketing communication — it's a service follow-up.

If the message includes an offer or discount, explicit consent becomes more important.

Best practices

1. Use the number the customer gave you voluntarily

The number must have been provided directly by the customer in the context of the commercial relationship.

2. Inform customers at the point of service

On the receipt, form or verbally, let them know you may send a follow-up message.

3. Always include an opt-out

«Reply STOP if you don't want to receive further messages.»

4. Don't retain numbers longer than necessary

Set a clear retention policy (e.g. 12 months from last contact).

5. Document your legal basis

In case of an ICO enquiry, you must be able to demonstrate the basis on which you processed the data.

Summary

SituationRecommendation
Customer gave number voluntarily + recent commercial relationshipYes, on legitimate interest basis
Customer explicitly consentedYes, no doubt
Number obtained from external sourceNot recommended
Message includes offer or incentiveExplicit consent advisable

Share this article

XLinkedInWhatsApp

Ready to automate your reviews?

Put everything you've read into practice. Set up in under 1 minute.

Get started free →

Previous article

Google's local algorithm: what reviews are and how they affect your ranking

Next article

How to remove negative Google Maps reviews: what you can (and can't) do

Related articles

How to get more Google Maps reviews: the definitive guide for local businesses

7 min · Google Maps

Why customers don't leave reviews (and how to fix it with WhatsApp)

5 min · Strategy

Negative reviews: how to handle them to win more customers (not lose them)

6 min · Reputation

Is it legal to ask customers for reviews via WhatsApp? GDPR and best practices | ResenasYa Blog | ResenasYa