The General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Everyone knows about it, and everyone understands bits and pieces of it, but not everyone understands how it’s going to affect their business here in the United States – especially when it comes to social media marketing.
Here, we’re going to break down how the GDPR affects your social media marketing efforts: what’s changing, what’s staying the same, and what you should be worried about. Let’s dive in.
What is the GDPR?
The GDPR is all about, as the name suggests, data protection and privacy on the internet. The bill was signed by all twenty-eight members of the European Union (EU) in an effort to give European citizens the right to privacy online. Simply put, this means companies have to make more of an effort to be transparent about the data they collect from their customers and only use that data if they’re given consent.
Companies have to outline how they’re using customer data, how they’re protecting customer data, what kind of customer data they’re collecting, and ask customers for their consent. This is why you’re constantly seeing updated privacy policies from every website you visit.
If you’re in the United States and you’re wondering why any of this matters to you, it’s because anyone who does business in Europe has to abide by these privacy laws, otherwise they will receive a huge fine (Up to €10 million or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, for lower-level offenses; up to €20 million or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, for higher-level offenses). In other words, you don’t want to mess this up if you’re a US-based company with customers who live overseas.
What This Means for Social Media Marketing
Social media marketing wouldn’t exist if marketers were unable to access Facebook, Twitter, and Instagram users’ data. The issue, however, as we all saw with Facebook, is that social media platforms weren’t doing enough to make it clear to the public how data was being gathered and used. This means that marketers, whose job it is to gather data on customers, have to fully disclose what they’re doing with the data they gather, as well as receive consent to actually use that data. This presents social media marketers with a problem…
Before, they could simply build lists of emails from social media or use a social CRM in order to advertise products and services. Facebook got in trouble for giving that data away to third-parties affiliated with political parties. People don’t always go on social media to buy products. Many simply want to check up on their friends and the latest news. Now, marketers, in a website’s privacy policies, have to tell users that their data can be used for marketing purposes if, and only if, they give their consent.
The good news is that if you know your business only has US-based clients, then none of this actually matters to you; however, in the globalized, hyper-aware society we live in, people have high expectations when it comes to their privacy. People understand the significance of privacy. When businesses are transparent with how they’re using customer data, they’re doing themselves a massive favor. If people suspect their data is being gathered, managed, and used improperly, they will, as we saw, act negatively.
What is Social Media Doing Differently Now?
Every major social media platform with users from Europe have to be GDPR-compliant. You may have noticed a lot of emails in your inbox related to the GDPR. That covers their tracks in terms of email marketing, but what about social media?
Not all social media platforms work exactly the same as each other so let’s take a closer look at what Facebook, Twitter, Instagram, and LinkedIn are doing differently.
Facebook now requires businesses to accept their terms before making lead ads. Facebook wants businesses to understand completely what they’re allowed to do with data. Facebook also helps businesses create ads by letting them create their own custom disclaimers and optional consent checkboxes.
Twitter, according to their FAQ page, complies with the GDPR by using an Irish commercial entity called Twitter International Company as the controller of data outside the United States. It has data processing and processing agreements with the United States, so if you’re a U.S. citizen, your data is also processed by Twitter International Company. When asked if they’re a processor or controller of data, Twitter says they’re a controller. Twitter, like Facebook, is making sure consent is received before any advertisers handle any potentially sensitive data.
Instagram being owned by Facebook follows the same protocols as Facebook. If your business is interested in how GDPR affects ad campaigns on Instagram and you’re already on Facebook, be sure to follow the same rules to avoid significant fines.
The Final Word
Just because the GDPR is a European regulation that was passed in order to preserve the privacy of EU citizens doesn’t mean US-based companies are off the hook. If your business or any business you know of has clients and customers overseas, being GDPR-compliant is absolutely essential, unless you want to pay the fines every time you use data improperly.
Social media marketers have to especially take good care of the data they’re working with: making sure they were given consent and outlining how and for what the data they’ve gathered is being used. Marketers have to use this data in order to better understand their customers. Social media is a great tool when used appropriately because people are more open on Facebook, Twitter, Instagram, and LinkedIn.
It only makes sense for businesses to use that data fairly. People post a lot of stuff on the internet for others to see. Others include friends and family; it does not always include businesses — especially ones that have not received permission to use that data. Privacy is a significant issue businesses have to face head-on in an effort to appear more transparent to their customers. Not doing so risks decreasing already low levels of trust people have towards businesses in general.