Despite GDPR coming into law in May 2018, many businesses aren’t only failing to comply with it, but still lack knowledge about the consequences of not meeting requirements.
It’s a big surprise that as of July 2019, 30% of European businesses are still not compliant with GDPR guidelines.
Although it might require a great deal of effort to get in-line with GDPR legislation, there are numerous benefits for organisations and consumers.
In this article, we cover some of those positives and how you may need to assess and change your social media marketing strategy to stay in line with regulation.
What is GDPR?
GDPR is a data protection regulation designed to give EU citizens a greater degree of control over how their personal information is collated and used by businesses. This will impact how a company can market themselves to customers.
This law applies to any company that handles the personal information of an EU resident – no matter where they’re based in the world.
How does GDPR benefit business?
By now you should understand GDPR, as it does require some effort to become fully compliant.
That said, there a few big positives for businesses once you do so:
- Consumer confidence – if current customers, and even potential ones, are confident that you can handle and process their information in line with legislation, it’s likely to encourage greater trust
- Engaged audience – one of the problems pre-GDPR was the fact that a company could be marketing their products and services to people who weren’t interested in them. Post-GDPR rules mean that you have a much more engaged list of customers to market to
- Improving customer experience – stricter regulations around the use of personal data means that companies will be forced to think more creatively about how they market to the consumer
How does GDPR protect individuals?
Apart from benefiting businesses, GDPR helps customers too.
It does this by:
- Increasing privacy – businesses are only allowed to collect and use data for a pre-specified purpose. This also needs to be clearly communicated to the user with assurances on how the data will be kept safe
- Increasing data control – stories of data mismanagement in the media are commonplace – think Cambridge Analytica – but GDPR will hand the control back to the public who will manage their own data to a certain extent
- Tailored internet experience – consumers will now be able to decide from the outset whether they wish to be added to marketing lists and have their behavior tracked for analytics and advertising reasons
The UK-based newspaper, The Guardian, has an excellent cookie consent example that illustrates how users can manage their preferences:
Organic social media marketing
Organic social media will, no doubt be a large part of your overall marketing strategy.
The great news is that organic social media is largely free of GDPR regulation. This is because most social activity, such as sharing posts and engaging with followers, doesn’t require you to collect any consumer information.
Having said that, there’s something you’ll still need to consider:
- Scraping tools that export personal information of social media users are certainly not permitted, as this isn’t only considered as a breach of GDPR, but there are a few ethical issues surrounding tools of this kind too
Although organic social media doesn’t often cross over with GDPR, if you’re running paid social media marketing, you’ll need to remain vigilant of a few GDPR regulations.
Paid social media marketing
If you want to use visitor data to track online behavior for your own advertising means, then it’s vital that you have the legal right to do so. This means that you must get an individual’s explicit consent.
When trying to gain consumer consent, you need to think about the following:
- Customers need to be given the option to accept or reject consent. Even after consenting, they need the option to withdraw that at any time
- You need to clearly explain what information you’re planning to take and how you’re going to be using it
- Your request for consent needs to be clear and easy to understand
If you’re using Facebook to market the business, but aren’t using a Facebook pixel, you’re throwing away an excellent opportunity to provide your audience with an improved experience by showing them more relevant ads.
However, you do need to be aware that GDPR does affect the pixel, and you must gain consent if you’re involved in any of the following:
- A retail website that uses cookie data to collect information about products users are viewing online
- A news website that uses third-party ad servers that display ads and collect cookie information on who’s viewing them
You’ll also need to be aware of GDPR if you’re advertising on Facebook and using a pixel to measure conversion from ads or creating Facebook retargeting campaigns.
Facebook custom audiences
Custom audience information is pulled straight from an email list, which you can upload to Facebook to target contacts directly.
Uploading email lists to Facebook custom audiences makes you the ‘data controller’. Being the data controller means that you must ensure that any contacts you’re uploading into custom audiences have given consent.
It’s also important to consistently update your custom lists to ensure you’re removing old contacts that have opted out of your marketing.
For B2B businesses, LinkedIn provides a massive platform for the marketing of products to an engaged audience of 660+ million users.
We all know the benefit of directing sponsored content to your LinkedIn audience is a fantastic way of addressing relevant advertisements to your customer base, without relying solely on organic marketing.
However, the post-GDPR landscape means that different rules control our marketing data.
Like Facebook, uploading data to LinkedIn needs individual consent, and the responsibility for ensuring this comes down to the company undertaking the campaign. This information is generally used in a Matched Audience or InMail sponsored content campaign.
LinkedIn also allows users to change advertising settings, which allows any member to prevent their data from being used for ad targeting.
LinkedIn campaign data
If you’re using Matched Audiences as the groundwork for your paid marketing campaign, you hold the responsibility to ensure all the data is GDPR approved.
If you’re undertaking a Sponsored InMail campaign, you won’t need to do anything else, unless you’ve taken their data from your own database.
The same goes for lead generation forms – you won’t need to do anything further since LinkedIn manages GDPR compliance for ad marketing and tracking.
With such a hefty fine for tripping over GDPR legislation, it’s certainly worth getting to grips with, rather than assuming it doesn’t apply to you; so long as you’re marketing to EU citizens, it certainly does.
So, if you haven’t already, it’s time to think carefully about all your marketing activities to ensure you’re operating on the right side of the law.