For years, handing over your phone number at a shop counter or while ordering online felt like no big deal. Whether it was for a “digital receipt,” a loyalty program, or a quick OTP, most of us gave it without thinking twice.
But that’s changing — big time.
With the Digital Personal Data Protection (DPDP) Act 2023 now kicking in, businesses can no longer casually collect and store your personal data. And yes, that includes your mobile number.
What’s Changing for Everyday Shoppers
Here’s the simple version:
- No more forced phone numbers – Shops, restaurants, and e‑commerce sites must ask for your clear consent before collecting your number.
- Purpose must be clear – They have to tell you why they need it (e.g., to send a receipt) and can’t use it for anything else without fresh permission.
- Data expiry – If you stop engaging with them or withdraw consent, they must delete your data — usually within 3 years or sooner.
- No service denial – You can’t be refused a purchase just because you don’t share your number.
How This Shakes Up Digital Marketing
For marketers, this is a seismic shift. Until now, phone numbers were a goldmine — a direct line for SMS campaigns, WhatsApp promotions, and retargeting.
With the DPDP Act:
- Consent-first marketing – You can’t just add customers to a list because they bought something once.
- Smaller, cleaner databases – Your contact list will shrink, but the people on it will be genuinely interested.
- Higher ad costs – With fewer first-party contacts, brands may rely more on paid ads, which could push up acquisition costs.
- Shift to value-driven opt-ins – Marketers will need to offer real incentives for people to share their data — think exclusive content, loyalty perks, or personalised offers.
💡 If you run campaigns, this is the time to rethink your lead capture strategy. We’ve shared some practical ideas in our digital marketing strategy guide.
🛒 E‑Commerce: The Risk of Losing Customers
E‑commerce platforms thrive on data — browsing history, purchase patterns, abandoned carts. But with stricter rules:
- Retargeting gets harder – Without consent, you can’t track and nudge customers back to complete a purchase.
- Cart recovery emails/SMS may drop – If you don’t have permission, you lose that follow-up channel.
- Customer churn risk – If you can’t personalise offers, shoppers may drift to competitors who’ve earned their trust (and consent).
- Need for trust-based branding – Transparency in how you use data will become a selling point.
Here’s how your checkout page can ask for a phone number the right way — no pressure, full transparency.
📌 We’ve broken down how to build trust-driven e‑commerce funnels in our e‑commerce optimisation insights.
🔑 Key Takeaways
- Consent is king – No consent, no data collection.
- Data has an expiry date – You can’t keep inactive customer info forever.
- Marketing lists will shrink – But engagement quality will improve.
- E‑commerce must adapt – Focus on trust, transparency, and value exchange.
The Opportunity in the Challenge
Yes, the DPDP Act will make life harder for lazy marketing. But for brands willing to adapt, it’s a chance to:
- Build deeper trust with customers.
- Create high-quality, high-intent audiences.
- Stand out with transparent, ethical data practices.
In the long run, this could mean better conversions — because you’re talking to people who actually want to hear from you.
If you want to future-proof your marketing and e‑commerce strategy under the DPDP Act, we’ve put together actionable frameworks at Wireframes Digital to help you stay compliant and competitive.
