The May 25th, 2018 deadline for its formal introduction has passed and organizations across the globe are scrambling frantically to ensure that they’re prepared to meet the demanding terms of the European Union’s (EU’s) General Data Protection Regulation or GDPR.
It’s a legal and compliance framework designed to safeguard the privacy and data rights of EU citizens and residents – but one with a global reach and the potential to affect organizations operating in every sector.
With issues concerning privacy, data harvesting, and the public perception of bad behavior on the part of social media platforms like Facebook and their advertising partners making the news, in this article we’ll be looking at what effect the GDPR is likely to have on social media marketers and their work.
GDPR in a Nutshell
The General Data Protection Regulation (or GDPR) upgrades and harmonizes laws from the 28 member states of the European Union (EU), governing data privacy and the rights of individuals to their personal information. It affects organizations based in the EU, and any enterprise which deals with the personal information of EU individuals as a “data controller” (platform for, or primary user of information) or “data processor” (external agency acting with or on behalf of a controller).
The personal information in question includes names, phone numbers, email addresses, financial and medical data, photographs, and electronic identifiers like device IDs and MAC or IP addresses.
EU citizens, permanent residents, and individuals who are temporarily resident in the European Union when their personal data is collected come under the protection of the new regime. And GDPR enshrines certain rights which individuals have to this information, including:
- Consenting to the collection and processing of individual information, on a case by case basis
- Being able to opt out from data collection or processing, at any time
- Knowing where, why, and how their data is processed
- The right to have information held by an organization altered to reflect true conditions, or deleted entirely (“the right to be forgotten”)
Consent Takes Center Stage
In order to collect personal information for marketing or any other purpose, the consent of the person involved has to be obtained. GDPR puts it this way:
“freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
So, putting a pre-checked “Yes” box on the opening page of your site or survey won’t do. Neither will trying to confuse the visitor with impossible to understand legalese. Or saying that “You didn’t say that you object, so you agree.”
They have to be able to clearly read and understand the reasons why you’re asking for their data, how it will be used, and how long it will be held in storage, before being given an obvious channel to agree to your conditions or refuse them.
Partnership and Chain Effects
The recent scandal with Cambridge Analytica and its after-effects (the company has been forced out of business) illustrate the dangers of assuming that your supply chain partners will behave in an ethical manner. With GDPR targeting both data controllers (the Facebook platform, in this case) and data processors (e.g., Cambridge Analytica), the burden of responsibility for compliance rests with organizations on each side of the information-gathering and using equation. Social media marketers will need to careful about who they work with, and how they handle personal information, themselves.
For marketers and advertisers operating on the backbone of a large social media network, there’s some comfort in knowing that the major platforms have already put measures in place to meet with GDPR compliance.
Facebook, for example, has been at great pains to broadcast its own state of GDPR readiness, with changes in the terms for its lead form ads. LinkedIn has also updated its lead generation form, with fields for marketers to add links to their own privacy policies, and custom text describing how the collected data will be used.
But it’s not enough for social media marketers to rely on the compliance “umbrella” of features like these. Within their own practices (the language they use for opt-in forms and notifications, how data is stored, whether data is passed on to other agencies, etc.) compliance with the GDPR terms is also required.
Non-compliance with the GDPR’s strict terms could result in negative repercussions for the offending party, and stiff penalties. At the lower end of the scale, public reprimands and a “naming and shaming” system that highlights offenders could bring damage to a marketing firms reputation and bottom line. In the worst case scenario, non-compliance attracts a maximum fine of €20 million ($24.8m) or 4% of an organization’s annual turnover, worldwide.
Remember, that €20 million ($24.8m) is a baseline figure for the maximum penalty. If 4% of your annual turnover is more than this, you could be liable for a larger figure. And if you’re a smaller scale operation, even that $24.8m could be enough to sink you, at a stroke.
So it’s worth making the effort to get your GDPR compliance house in order, well before the kick-off date. This may require a ton of work and considerable expense – but think of that effort, in light of the alternative.
The Hard Road to GDPR Compliance
Besides the crafting of consent forms at every avenue of data exchange along the customer journey, compliance with GDPR also demands strategic and operational changes from social media marketers.
For email marketing, contact and other details which would formerly be used for targeting purposes may only now be used if consent has been given for the right for that data to be processed. Similar restrictions will hold for personal information held on Customer Relationship Management (CRM) systems.
And the much-touted use of so-called “Big Data” and intelligent analytics for targeting and personalization will have to be reviewed, in light of the compliance status of the tools and platforms used in extracting data, analyzing it, and distributing the results.
GDPR and the Benefits for Social Media Marketers
All this said, GDPR isn’t necessarily all hard work and bad news, for social media marketers. An atmosphere of stricter policing of information-handling and greater safeguards for personal privacy may bring several benefits for marketers and the organizations they represent, such as:
- Greater transparency winning trust from consumers, who know what information of theirs is being collected, and how it’s being used.
- Reduction of workloads as email subscription lists and other databases shrink to include only those individuals who have actually opted in.
- With careful design, a more streamlined interaction with brands as fewer obstacles and distractions hamper the online marketing experience.
GDPR and the Benefits for Consumers
For customers too, the new emphasis on disclosure, consent, and data protection will bring greater privacy and the chance of a more focused and enjoyable shopping experience.
The Advantages of Content Marketing
Finally, with GDPR putting all forms of personal data exchange under the microscope, interactive and non-invasive methods of promotion are likely to be most trouble-free.
Social media marketers may increasingly rely on the various methods of content marketing such as blog posts, video, podcasts, infographics, and tutorials. This will enable marketers to engage with customers and guide their relationships with various brands, without requiring the extraction of personal data.
Share this Post