On May 25th this year, the European Union implemented a historic data protection law known as GDPR. This law is applicable to not only businesses located within the EU, but to any business that deals with personal data pertaining to EU citizens. The implementation of GDPR has had ramifications across various industries. In this article, let us take a look at social media marketing and how this changes with the arrival of GDPR.
Why GDPR Matters?
Simply put, GDPR (or General Data Protection Regulation) is an attempt at regulating the way businesses own and process customer data. One of the key clauses in the regulation requires businesses to be upfront about data gathering and only process them in the way the customer has consented to.
Take the example of a social media marketing campaign offering a free ebook to customers participating in a quiz. Typically, such campaigns are used to gather customer email addresses who are then sent regular newsletters promoting your business products. According to GDPR, this is illegal. You may only send newsletters to customers if they have explicitly consented to receiving your promotional emails.
Things You Must Not Do:
Until now, social media marketers have gotten away with a lot of “strategies” that fall in the grey area. Under GDPR, these strategies are absolutely illegal. Here are a few examples.
One of the very popular strategies used by social media marketers to build a list is to gather likes for their Facebook Pages and then run a ‘data scraping’ script to seek out the email addresses of all their followers.. This is illegal under GDPR since the subscriber did not consent to being contacted by email.
If you are using Facebook’s pixel tracking system to monitor your website visitor behavior, then you must get your visitors’ consent before any tracking can happen. It is worth pointing out that under GDPR, you are considered the “controller” of the data while Facebook is the “processor”. Both these entities are obligated to ensure compliance. Facebook may, in fact, not let you track pixels unless your system is compliant to the EU regulation.
Facebook Lead Ads has emerged to be one of the most popular ways to gather customer data. Unlike web based sign up forms, Lead Ads pre-populates customer data with the help of information they have shared with Facebook. This makes it all the more easy for visitors to submit their data in exchange for your quotation, newsletter or any downloadable.
Also, since GDPR prohibits businesses from sharing customer data with others without explicit permission, you may no longer be allowed to sell generated leads data to third party businesses. In short, if you are a lead generation company, social media based lead generation systems may no longer be for you.
Working With Agencies:
If you, like thousands of other businesses, have hired a digital marketing agency to help you with your social media marketing campaigns, you must know that you are still the “controller” of data and would be responsible for their actions. It is hence important to work with an agency that is GDPR-compliant. If you have significant presence in the EU, it is worth hiring a local agency to help you with marketing since these businesses have greater vested interest in complying to GDPR regulations. Last but not the least, keep yourself updated on each of their strategies and if possible, have all of this mentioned in your contract so you are not held responsible for any potential inaction from their side.
The fines for GDPR violations are huge and can bankrupt many businesses. It is hence important to educate yourself on GDPR and only work with partners who are equally aware of what is at stake.