We’re all aware that the reach of social media is increasing exponentially. While the fundamental purpose of social media is to connect, both people and businesses, privacy concerns are on the rise, especially after Facebook’s data-privacy crisis that occurred in 2018.
Since data privacy is a major problem in today’s social media-addicted society and can no longer be ignored, the European Union adopted new legislation on data protection called the General Data Protection Regulation, or the GDPR.
Given that this new data privacy law is extremely important to comply with, we’ll cover the most important things you need to know about this legislation. Furthermore, we’ll tell you the effect it’ll have on your social media strategy, as well as what you need to start working on today in order to prepare your social media for the GDPR.
So, let’s begin!
What Exactly is GDPR?
The GDPR, or the General Data Protection Regulation, is an E.U. law concerning data privacy. Its goal is to ensure the data protection of EU-based individuals, but also to give them more control over their own personal data. This new law, which came into effect on May 25th this year, is replacing an older regulation known as the “Directive”, which had existed since 1995.
The GDPR will bring more control over how personal data is collected, used, stored, and eliminated by businesses and organizations, but also by individuals who act as sole traders or organizations, so it’ll have a major effect on businesses worldwide.
Since this is a European Union law, many may think that it applies only to those businesses which are in the European Union. Well, don’t let that assumption fool you, since the GDPR actually applies to all businesses which have users or customers that are from the E.U. no matter where the business is located. And yes, there’s a fine if you don’t comply with the rules.
Businesses that don’t take the GDPR seriously could be fined up to €20 million or, if it is greater, 4% of their worldwide annual revenue of the previous year.
Who Does the GDPR Affect?
The GDPR affects both businesses and customers. Since the GDPR came into effect, businesses have to collect and use the personal data of their users and customers in a more controlled manner than before. Consequently, their users and customers will have more protection and control over their own personal data.
Let’s start with the former. The GDPR affects all businesses and organizations which are EU-based. This is simple to understand if your business is in the European Union, since it means that you have to comply with this new law.
However, the GDPR also affects all businesses and organizations that are using the personal data of EU citizens. This means that a business can be located in the United States or in some country in Asia, but if it has users or customers who are citizens of the European Union, this law will affect that business as well.
All in all, the GDPR affects all businesses and organizations which use personal data from EU citizens; it’s as simple as that.
When it comes to the users and customers, as we already mentioned, the GDPR will apply to all EU citizens. They will have greater control over their personal data, which is now more safely and securely managed.
To be more precise, since May 25th 2018, EU citizens have the right to ask any business or organization to delete all of their personal data, known as “the right to be forgotten”. Moreover, EU citizens will have the right to ask any business or organization not to use certain personal data of theirs, the right to have any incorrect personal data corrected, the right to ask how and for what purposes their personal data is being used, and the right to transport any personal data from one business or organization to another.
What is Considered Personal Data?
Personal data or personal information is any information which can be used for personal identification of an individual. This includes the following: name, phone number, physical address, email address, photos, bank information, medical information, as well as IP address of the user or customer, their location and biometric data, and anything else that can be linked to the individual in question.
What Does it Mean to Process Data?
Processing data, under the General Data Protection Regulation, is when businesses or organizations collect, use, manage, or store any personal information of individuals who are citizens of the European Union. Therefore, if your business owns the personal information of EU citizens, it means that it’s processing their personal data under the GDPR.
How and Why Is Consent Extremely Important
In order for a business or an organization to lawfully possess and/or use EU citizens’ personal data, they need to be given explicit consent by their users or customers.
This means that from now on, for every usage of EU citizens’ personal data, businesses need to be given explicit consent in the form of a tick-box or a written consent alongside a clear statement about what the data will be used for.
Explicit consent, being one of the main aspects of this new regulation, includes the following:
- Businesses will have to specifically explain to their users the way in which they’ll handle their personal data. Ambiguity will not be accepted.
- The users will then have to freely give their consent by ticking a box or by agreeing in a written form.
- If the box is pre-ticked, that will not be considered as explicit consent.
This means that from now on, vague and ambiguous statements like “your personal data will be used for improving the services we provide” will no longer be accepted under the GDPR. Instead, businesses will have to be much more specific and inform their users about the type of personal data they plan to process, why they need to use that specific data, who is to process the data, and when is that expected to happen. The users will then have to click “accept”, tick a box, or send a written statement where they’ll give their consent.
Strategies to Prepare Your Social Media for GDPR
If you want to win the “GDPR battle”, you have to prepare your social media for it. Let’s give you a few strategies on how to do it.
Maintain an Engaging Presence on Social Media
Maintaining an engaging presence on your social media platforms is now more important than ever. Your audience needs to be highly targeted, meaning that your followers need to be genuinely interested in what your business has to offer. In order for this to happen, your content needs to be highly targeted, be it original or curated content. This means that the content you create should pique your audience’s interest, and more importantly, it should spark a conversation.
These things can be achieved by knowing who your audience is and what their likes and dislikes are. Once you are aware of your target audience, you can easily create communities like Facebook or LinkedIn groups. Groups not only have a better organic reach as opposed to pages, but you can also build a better relationship with your followers and increase the value of your business.
Empower Employees to Share Content
If you’re the owner of a company or are managing the social media of a company where other people are employed, encouraging them to share content across their personal social media accounts is another good strategy.
Since GDPR is all about privacy and strengthening the connection you have with your followers and prospects, motivating your employees to share this content will only accelerate the process. The positive opinions of your employees as well as the positive energy they bring to the company while sharing content will create greater trust when it comes to the company and its customers, which is what this new regulation is all about.
Beware of Paid Ads
It’s important that you know that some social media advertising features do use your followers’ personal data. Beware of advertising features such as: Facebook Custom Audiences, Facebook Lead Ads, LinkedIn Insight Tag, LinkedIn Sponsored InMail, Twitter Tailored Audiences, Pinterest Audiences, and some others.
This is why it’s important that you know if and how these tools are using your followers’ data and either no longer use them or, according to the GDPR, specifically inform your users how their personal data is to be used and by whom.
GDPR: Changes That Businesses Which Use Digital Marketing Need to Make
What are the changes which businesses that use digital marketing need to make so that they comply with the new data protection regulation in the European Union?
What exactly is it that you need to do in order to implement those changes? How should you update your lead capture form and how can you approach your already existing email subscribers?
In the following paragraphs we’ll give you the necessary answers, but it’s important to mention that this is for informational purposes only. This post should not be taken as legal advice.
Hiring a DPO is only needed for larger operations – if your business is gathering a lot of data. For businesses that don’t gather and process a lot of data, this step is not necessary, so there’s no need to assign an employee as a data protection officer.
- In what way do you get the data from your visitors.
- Where is the data stored (countries where the data is transferred).
- How can your followers see the data that you have on them.
- How long do you plan on keeping the information that you gathered (retention period).
- Explain how your followers can get their data removed from your storage.
As for cookies, the GDPR says that they leave traces that can be combined with unique identifiers and some other data that is received. This makes it possible for natural persons to be identified by creating profiles for them. That’s why the information they collect should be seen as personal data.
Changes in the Lead Capture Form Design
There are also some changes you need to make in the lead capture forms that are on your website. If you don’t already have one, you must include a coherent explanation of what the user is signing up for. Also, the tick box where the user is agreeing to the terms and policies must not be pre-checked. The checking of the box must be manually done by the user.
Example of a Good GDPR-Compliant Consent Form
For a higher conversion rate, you need to be mindful of the design of your form. A few things to keep in mind and implement in your lead capture form are:
- The first row of the form should be a social proof, mainly because it can boost your conversion rate. For example, it can say something like: “Be one of our 3000+ satisfied customers that are getting special offers”. You can also include reviews, testimonials from customers, statistics etc.
- You can tell your customers exactly what they are signing up for. This not only helps you with the GDPR, but it also shows your customers the benefits of subscribing.
- For every different mailing list, there should be a different tick box for users to select. They should not be bundled together so that nobody could subscribe to two or more mailing lists with one click. Listing the benefits they’ll get is a smart thing to do now, rather than only telling your visitors to subscribe.
- In the past, to get more mail subscriptions, the checkboxes were colored and placed so that they were hard to notice. They were also pre-checked. Now that the rules have changed, it would be most beneficial to do the opposite: use vivid colors, large fonts, and visual elements like icons. The goal is for the checkboxes to be noticed, and that will increase your opt-in rates.
- The last thing on every form is the submit button. However, for a better conversion rate, that button should NOT say “Submit”. If it does, according to many studies, your opt-in rate will be lower. Instead, test out different words on your submit button, such as “Click Here” or “Go”.
Evidence that Subscribers Gave Consent
You must find a way to document each consent given by the users who subscribed, and then implement it. Before the changes for data protection, most businesses didn’t collect evidence or document the opt-ins they got on their forms. However, since things have changed, this is a must if you have EU visitors coming to your website.
A lot of email marketing tools already collect location, time, and IP addresses when a user submits a form. What is not saved is the form itself at the given moment of submission. So there are two additional things you need to keep as evidence: the form and the policies that the user agreed to at the moment of submission. One way to do this is to find a tool for marketing that has the option to document that automatically.
Re-permission Your Existing Database
If the emails you already have in your database are from before changing the forms that collected them, you need to re-consent every single one of them. This may not apply if those users already made a purchase and you have their contact information, or if they are outside of the European Union – but it does apply in almost every other case.
There are many ways in which you can try to re-permission your users.
For example, you can offer them promo codes with a discount for some of your products or services. To get the discount code, they would need to sign up on the new form that is compliant with the GDPR. You can also include a banner in every new email you send to your users, asking them to re-consent. Another way is to simply send an email informing them that in order to continue getting emails (promotional offers, newsletter, etc.) they’ll need to fill out a form and re-consent. In that email, you will, of course, provide them with a link to the form they’ll need to fill out.
The GDPR will bring many changes into how social media operates in the future. The main point is that businesses will still be able to use their users’ personal data, only this time the purpose needs to be specifically explained and they need to be given explicit consent in order to process that personal data.