Social Media and GDPR… Are You Ready For It?


GDPR has been the marketer’s buzzword over the past few months, but what impact will it have on social media?

Unless you’ve been living under a rock, every marketer will know that the new General Data Protection Regulation (GDPR) is fast approaching. It has left many marketers concerned about its potential impact and application. By no means are we going to try and offer legal advice in this blog, instead, we’ll help to provide a little more information and clarity on the subject.

As we fast approach 25th May, there is a LOT of information being shared about how the new regulation will impact brands and businesses. It has raised concerns for digital marketers since there are plenty of grey areas in its application. With the EU calling it “the most important change in data privacy regulation in 20 years”, the last thing you want to do is bury your head in the sand.


GDPR – The Basics

Due to come into effect on 25th May, GDPR is a new piece of legislation designed to help the public have more control over their personally identifiable data. Businesses will have to ask for permission to use an individual’s data and offer transparency on how that data will be used. There will be changes that all businesses, large or small, will need to make when it comes to processing and handling data.

Consent will be a big factor that will impact digital marketers. When it comes to marketing communications, people will have to proactively ‘opt-in’ to receiving marketing comms, as opposed to the default option to check a box to ‘opt-out’.

Accountability is an important aspect of GDPR, says the DMA’s director of policy and compliance John Mitchison:

“[Accountability] is a new buzzword for GDPR. It is not enough to comply, you have to be able to demonstrate you comply so that if someone asks what is going on with data processes or why people are receiving marketing you can take them right back to the beginning and show the policy for what you do marketing that way, how data is stored. That level of demonstration is vital.”

According to the ICO (Information Commissioner’s Office) the current penalty for failing to comply can be up to €20 Million or 4% of the company’s global turnover (whichever is greater). Yet, according to Econsultancy GDPR, only 54% of businesses will be prepared to meet that deadline.


How Will GDPR Impact Social Media?

You’ll be pleased to hear the major social media platforms such as Facebook, LinkedIn, Twitter has rolled out a number of updates to their terms and conditions, and privacy options for users.

When logging into Facebook, you may have recently noticed that you now have the ability to review and access the data held by the platform, including managing the data that influences the ads that you see.

These updates will do the legwork in gaining consent from your social media audience, leaving you to continue to engage with your social media fans and followers.


There is Still a Risk of Non-Compliance

So we can breathe easy knowing that the social media giants will do most of the work when it comes to GDPR. That’s great news, right? In theory, yes. The platforms are GDPR compliant, but are your marketing practices? How you handle and use personal data could put you at risk of being non-compliant.

Are you using customer data, such as emails, for remarketing on Facebook? Can you demonstrate that the people on your email list have ‘opted-in’ to receive social media ads from you? If not, you could be deemed as being non-compliant. Create separate lists of users that have given consent, to those that haven’t, to better manage your email data.

Are you using those nifty chrome plug-ins that provide a business email from a LinkedIn profile and you then send them an email? You may be at risk of being non-compliant. The key factor being that you must be able to demonstrate that you have gained absolute consent to use an individual’s data.

If you’re running lead generation ads on Facebook and LinkedIn, include a custom field to allow platforms users to proactively ‘opt-in’ to receiving marketing communications.

You will also need to consider how the data is being stored and handled by employees. This is when it becomes an important time to review your workplace social media policy, to ensure that they provide employees with clear guidance on the processes your business has in place to manage, process and store data correctly.

We’ve compiled a little checklist of things to consider, to help keep you compliant:

  • Have you updated your social media policy to include guidance on the new regulation?
  • How did you obtain your data and why do you have the data?
  • Is your customer data up to date and do you have explicit permission to market to them?
  • Do you have the right security measures in place to protect your data from theft or loss?
  • Do you have the right processes in place to ensure that you aren’t holding personal data for longer than necessary?

For more guidance on the impact GDPR will have on your social media marketing strategy, get in touch with our lovely social media team!


Get in touch.
Let’s talk.

0116 254 7224