Social media marketing is big business. It’s the fastest-growing marketing segment and an increasingly popular and effective means through which a company can connect with its customers.

Accordingly, companies cannot afford to use anything other than industry-best practices. In Europe (and anyone who communicates online with this region), this means an emphasis on General Data Protection Regulation or GDPR. This new data-privacy law in the EU is strict. Running afoul of is may mean sizable fines. This makes it critical for social media marketers to understand GDPR and why compliance is crucial.

Avoiding the Wrath of GDPR

Defining GDPR

The new law is aimed at giving EU citizens greater control over their personal data and how it is used online. It went into effect on May 25, 2018, and it has a direct effect on how business can collect and use personal data that’s related to customers.

GDPR even applies to companies that are not EU businesses but that may have EU customers. This makes it critical for any organization that services EU customers to understand and adhere to the new law.

Improving Business Relationships with Customers

GDPR compliance promotes improved trust between companies and the people they serve. This is because the customer can trust that they know how their data is being collected and used. GDPR also may mean that fewer people receive emails that they don’t want, and most customers will enjoy the enhanced marketing experience. If customers have a more positive online experience, they are more likely to view the companies with which they do business in a favorable light.

Consumers also reap considerable benefits from the GDPR. With the assurance of greater privacy, they have less cause to worry about their sensitive data falling into the wrong hands. It’s also helpful that businesses are only allowed to collect the data that’s essential to their purposes. Moreover, consumers are given a proactive opportunity to opt-in to emails and other marketing techniques. They similarly have the power to decide whether or not they want their online behavior to be tracked for advertising purposes.

Although not all is doom and gloom.  In a recent article by Gartner’s Dan Muelen, he stated “Don’t lose sight of the fact that implementing GDPR consent requirements is an opportunity for an organization to acquire flexible rights to use and share data while maximizing business value.” Small businesses can also benefit tremendously by creating more transparent business practices. In a Youtube interview, founder of Privacy Australia mentioned, “what important about GDPR is it’s the first time corporate interests have been forced to actually care about their customers digital rights. It’s a perspective shift for both businesses and consumers.”

GDPR’s Effect on Organic Social Media Marketing

If you’re a marketer, then you probably rely heavily on organic social media marketing. GDPR is likely to have little real effect on the way you operate. Most of your organic social media marketing efforts likely are related to posting relevant content and seeking out the engagement and participation of customers and fans. Neither of these activities generally involves the collection or use of personal data.

Nonetheless, your organic social media marketing efforts still may be impacted by GDPR. It’s at least helpful to be mindful that these efforts may run contrary to the goals of the new law.

As an example, it would not be advisable to scrape or otherwise export the contact details of anyone who follows you on social media. This was generally not an ethical practice before the GDPR, and it may carry serious consequences if it’s done now.

Additionally, any traffic that you direct from your social media to the company website should not use Google Analytics to track visitor behavior unless you have obtained consent.

Paid Social Media Marketing and GDPR

The new law makes it essential that you obtain proactive consent from your customers if you’re going to engage in any online behavior tracking or if you’re going to use their data in any way. Accordingly, you must provide a clear path for customers to either opt in or opt out. The language should be plain so that consumers understand their choices and how their private data will be used. It’s also essential to make it easy for customers to change their preference.

You further must make a clear statement concerning what data you will collect and how it will be used. If a customer fails to make a choice regarding opting in or opting out, then you’re not permitted to take their inaction as consent.

From the preceding discussion, it’s fair to say the new restrictions are quite stringent. This means that it is essential for social media marketing professionals to familiarize themselves with the principles sooner rather than later unless they’re a fan of large fines.

Advertising Features that Automatically Collect Data

It’s critical that social media marketers be aware of the advertising features that they use to automatically collect and store data or track customer behavior. Some of these may include:

Pinterest Audiences
– Pinterest Tag
– Facebook Lead Ads
– Facebook Custom Audiences
LinkedIn Insight Tag
– LinkedIn Matched Audiences
– Twitter Tailored Audiences
– Twitter Pixel

There may be others, so get proactive by checking with each platform to ensure compliance.

Facebook, LinkedIn and Lead Form Ads

Facebook and LinkedIn took steps before GDPR became effective to ensure that users will already be in compliance. You may have noticed these changes if you regularly use lead form ads on these platforms.

For instance, you must now explicitly accept Facebook’s lead ad terms before you can create a lead ad.

Facebook further makes it possible to add optional consent check boxes to each lead form. Adding a custom disclaimer is advisable. These additions make it possible for you to be compliant with all aspects of GDPR.

Similarly, LinkedIn has made updates to their lead generation form. You can now insert customized text that explains how you plan to use collected data. It also makes sense to use the ability to link directly to your privacy policy.

The GDPR Breach Notification Duty

With GDPR in effect, all organizations operating in the EU or with customers in the EU are required by law to report data breaches that may include the unauthorized access to or loss of consumer data. This duty includes informing the proper supervisory authority as well as any consumers who are affected. If any social or economic disadvantage is introduced by the breach, then it’s necessary to provide an appropriate notification.

As social media professionals, this responsibility is more critical than ever. It’s far better to ensure total compliance with GDPR than to leave your organization vulnerable to a breach that may put customers at risk and cause your company’s reputation to suffer.

And then there’s the “small” matter of financial penalties, which can range up to $20 million euros or 4% of a company’s annual turnover, whichever is highest. If you’re not sure about compliance, better get that way. Soon.

See also: How to Build and Manage a Private Facebook Group?