Up to €20 million…
or four percent of your total worldwide annual turnover of the previous financial year, whichever is higher.
That’s the penalty for failing to comply with the General Data Protection Regulation (GDPR), the EU’s new data privacy law.
Okay, sorry to start this post on such a heavy note, but the GDPR is very important to comply with. And not only that, I believe that the new regulation is something we should fully embrace as I can see it bringing around positive changes that could be beneficial to both customers and businesses.
In this post, I’ll share some benefits of the GDPR for your business and your customers. I’ll also cover several key things to note for social media marketing.
Disclaimer: This is my personal understanding of the GDPR based on my research and only covers social media marketing. To ensure that you’re compliant with all aspects of the GDPR, you should consult your legal advisor.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new data privacy regulation that aims to give individuals in the EU protection and control over their personal data. This affects how businesses can collect and use personal data.
The regulation will be enforceable from May 25, 2018.
While it is an EU law, it is applicable to any organization with personal data of EU citizens and residents. So if you are a business with customers in the EU, the GDPR will be applicable to you when you are handling personal data of your EU customers.
You can learn more about the GDPR in the podcast episode below:
Why the GDPR is beneficial to your business
If you have read the regulation or started preparing for it, you might notice that it requires some effort to be fully compliant with the regulation. But I think there are several potential wins for your business:
- Greater trust: Your customers will know what data of theirs is collected and how it will be used.
- Better email engagement: Only people who are interested in and who choose to opt-in to your email will receive your content.
- Improved marketing experience: With stricter regulation on the use of personal data for marketing and advertising, consumers will likely have a better experience while surfing the internet (and hopefully become more receptive). This will benefit all businesses that do online marketing.
And these are just from the marketing perspective. For more benefits that being GDPR-compliant can bring to your business, check out this article by Michael Fimin, CEO and co-founder of Netwrix, an IT security software company.
How the GDPR will benefit consumers
Besides benefiting your business, the GDPR is also favorable for your customers in many ways.
- More privacy: Businesses are required to collect and process only personal data that are necessary for each specific purpose and implement measures to protect personal data.
- More security of their personal data: With stricter rules on collection and processing of personal data, there would likely be fewer data breaches such as the recent incidents.
- More control over their shopping experiences: Consumers will be able to decide upfront whether they want to receive marketing emails from businesses or whether they want their website behavior to be tracked for analytics and advertising purposes.
For example, visitors on mailchimp.com can now customize their cookie preferences.
Organic social media marketing
Organic social media is probably a big part of your role as a social media marketer. The good news is that I believe organic social media marketing (i.e. excluding social media advertising) is largely unaffected by the new regulation.
But there are several instances you want to be mindful of:
- You would not want to export or scrape contact details from your social media followers or groups as that is personal data. (I personally don’t think this is right even without the new regulations.)
- If you are sending traffic from social media to your website and you’re using Google Analytics to track visitor behavior, you will likely need to get consent for that.
- If you run social media ads, especially lead ads, there are several things to be aware of. Let’s quickly go through them.
Paid social media marketing (or social advertising)
Under the GDPR, if you want to use your customers’ data or track their behavior for advertising, you must obtain the legal basis to do so. That is, you have to obtain explicit opt-in consent from your customers.
Here are a few key points to know:
- Your customers must be given a free and genuine choice to accept or reject (and be allowed to easily withdraw their consent).
- You have to state what data will be collected and how it will be used.
- The request for consent has to be in clear and plain language.
- Inactivity doesn’t constitute consent. Your customers have to take an action. (E.g. pre-ticked boxes for consent are not allowed.)
As there are very stringent requirements for obtaining consent, it’s best to refer to the regulations directly and check with your legal advisor.
Several social media advertising features use customer data that you upload, collect personal data, or track behavior on your site. If you use any of the following features, it would be good to look further into the actions you should take before May 25, 2018:
- Facebook Pixel
- Facebook Custom Audiences
- Facebook Lead Ads
- LinkedIn Matched Audiences
- LinkedIn Insight Tag
- LinkedIn Sponsored InMail
- LinkedIn Lead Gen Forms
- Twitter Pixel
- Twitter Tailored Audiences
- Pinterest Tag
- Pinterest Audiences
For more information about advertising on social media platforms under the GDPR, check out the following resources by the respective platforms:
(I can’t seem to find Pinterest’s information about GDPR. If you know of any, would you mind sharing the link to their page in the comments section below? Thanks!)
Lead form ads on Facebook and LinkedIn
There have also been some changes to lead form ads on Facebook and LinkedIn to help you stay compliant with the GDPR. As you would be collecting data through lead forms, you’ll need to state how the data will be processed and establish a legal basis (e.g. consent) for processing the data.
Facebook lead ads
Before you can create a lead ad on Facebook, you’ll have to explicitly accept their lead ad terms. You can view and accept their terms here. (Also as a refresher, here are Facebook’s advertising policies.)
LinkedIn lead gen form
LinkedIn also has some suggestions for the custom text. For example, if you are collecting email addresses for your newsletter, you could use “We’ll use your information to register you to receive our newsletters.”
Further GDPR reading resources
The GDPR is a huge and important topic. Here are some of the resources that I have found helpful:
- General Data Protection Regulation (the official PDF arranged neatly as a website)
- GDPR: What Growth People Need To Know (by Reforge)
- MailChimp’s GDPR Guide (by MailChimp)
- GDPR Compliance for Email Marketing. A Step-by-Step Guide. (by We Compose)
Do you know of any other helpful resources?
Over to you: How are you preparing for GDPR?
As a quick reminder, GDPR comes into effect on May 25, 2018. It’ll be best to prepare your business for it before that date.
At Buffer, we are working hard to be compliant with the GDPR before the enforcement date. We’ll be sharing an update soon so keep an eye out for it!
In the meantime, if you have any questions, feel free to leave a comment below. We’ll try our best to answer them.