Is there a link between GDPR and social media?

The short answer is a resounding “yes.”

Chances are you’ve heard of GDPR or perhaps recall EU companies scrambling to become compliant with data and privacy regulations in May 2018.

However, the impact of GDPR on digital marketing is ongoing and businesses in the EU aren’t the only ones affected.

Marketers should take the time to understand the implications of GDPR, privacy laws and what it all means when it comes to social media.

In this guide, we’ll break it all down in black and white.

What is GDPR, anyway?

Let’s kick things off with a GDPR simple summary we can work with.

The GDPR (General Data Production Regulation) represents a data protection law implemented by the EU (European Union) in May 2018. The law is designed to provide individual consumers control over their personal data. 

Cutting through the jargon and legal mumbo jumbo, the concept behind GDPR is simple: businesses can’t collect or process the data of consumers without consent.

This means that consumers must explicitly agree to a business’ terms (think: an opt-in checkbox) to “hand over” their information for marketing purposes (cookies, use of a Facebook Pixel). These terms must likewise be disclosed on-site for visitors to review and accept.

Given that the regulation took effect in 2018, most of the mad dash for businesses to become GDPR-compliant has passed.

That said, ongoing compliance is required for companies looking to avoid fines and penalties. Over $126 million in fines have been issued to companies violating GDPR as of January 2020.

Perhaps the biggest misconception regarding GDPR is that non-EU businesses are off the hook. In reality, businesses outside the EU attempting to gather visitor data or sell goods and services to customers within the EU are still subject to the law.

And so in a day and age where companies are attracting international audiences, GDPR isn’t something you can simply gloss over. The law isn’t going anywhere, after all.

How does GDPR affect marketing on social media?

Good question!

The connection between GDPR and social media might seem a bit fuzzy, but it’s important to understand the impact for efforts like paid advertising and reporting. Below we’ve highlighted some specific ways that GDPR impacts marketers in the social space.

Restrictions on social media ads and remarketing

This is the big one.

We know that Facebook advertising via remarketing ads that essentially “follow” visitors from your site to Facebook (and vice-versa) can be incredibly effective.

After all, the ability to track the specific behaviors of consumers such as products viewed or time spent on-site on a specific page can clue us in on highly relevant offers. The same rings true for demographic data.

Facebook ad targeting limitations noted in UI - The impact GDPR and social media can be clearly seen by the changes in Facebook ad targeting

However, not all consumers are exactly wild about such ads. Most importantly, traditional remarketing likewise ignores the consent required by GDPR.

Under GDPR, running remarketing ads to EU customers requires such customers to have already agreed to have their data processed, such as through an existing sign-up or creating an opt-in disclaimer about data usage within the ad.

This adds some extra steps to your campaigns, providing more opportunities for leads to drop out of your funnel. Likewise, these extra steps make it more difficult to market via social media to those who are most likely to become customers (think: people who’ve visited your website).

Every organization’s marketing efforts look a little different, and it might be easy to take for granted where you’re using customer data restricted by GDPR. If you are targeting EU audiences, make sure you’ve thoroughly reviewed where you use consumer data in your marketing and how you disclose it in compliance with regulations at each step of your funnel.

And hey, this actually leads us to another challenge of GDPR and social media…

Social media traffic must accept your privacy policy

Let’s say you have a social media landing page that’s explicitly designed to encourage an opt-in such as a newsletter or free download.

Under GDPR, visitors essentially have to opt-in twice as they must accept your privacy terms prior to opting into your offer. You’ve probably noticed the influx of “Accept Cookies” messages and privacy agreements when you land on e-commerce sites, right? Here’s an example from Swatch:

swatch gdpr and social media terms

This is a small but notable hoop for visitors to jump through, especially if you’re hoping for audiences to take an additional lead generation action like filling out a form once on-page.

For example, consider how so much social traffic comes from mobile devices. Having to tap or scroll through privacy terms might interrupt your visitors’ experience prior to opting-in.

That said, conventional wisdom says that such notifications aren’t necessarily make-or-break if you’re presenting a relevant offer to your audience, particularly as audiences become more and more used to these cookie disclosures.

Limited behavior-tracking of some visitors from social media

Many marketers rightfully look at Google Analytics data to glean their ROI from social media.

However, that data can become muddled if you can’t attribute visitors to social media or monitor your social traffic’s behavior.

Although this isn’t a make-or-break issue for most businesses, it might result in an incomplete understanding of your social media customers. The good news is that Google themselves have taken steps to remain GDPR-compliant, meaning that Analytics can still work its magic for those who’ve accepted your privacy terms.

If you are seeing GDPR-related changes in your traffic, such as regional data for the EU lagging behind or drop-offs timed around the start of these regulations, your cookie opt-in experience may need additional UX testing and revision to make sure a larger number of your customers are inclined to accept the terms.

GA notice on GDPR - GDPR and social media has impacted how visitors from social are tracked

How does GDPR impact each social media platform?

Most of the major social media platforms have highlighted their explicit approaches and commitment to GDPR compliance. This includes highlighting who is considered a data “controller” versus a “processor.”

In terms of your own social media presence, this more or less means doing business as usual. If you’d like to better understand how each social network is addressing GDPR, here are some quick resources and explanations:

3 major implications of GDPR and social media

So, what does GDPR mean for marketing on social media at large?

Keep in mind that GDPR isn’t designed to punish marketers or restrict their activities. The big-picture goal of the regulation is to give people peace of mind and more ownership of their data.

Is it working? Well, 31% of consumers already feel that their experience with companies has improved post-GDPR. That seems like a step in the right direction.

Rather than fight back against the regulations, it’s more proactive for businesses to understand how to evolve and adapt.

You don’t have to totally overhaul your social strategy in the face of GDPR, by the way. In fact, GDPR has been a catalyst for businesses to improve their social presence for the better.

Below are some examples of how you can do the same.

1. Emphasize trust throughout your marketing campaigns

Food for thought: only one-third of consumers feel confident in trusting the brands they purchase from (and this percentage is even lower in EU regions).

You can’t expect much traction from customers if they don’t trust you. This includes opt-ins, let alone accepting your privacy policy.

Brands are responsible for giving consumers a sense of confidence. There is no one-size-fits-all way of building trust on social media, but some first steps include:

  • Posting more than promotional content (think: publish how-tos, guides, Q&As and otherwise entertaining content, too)
  • Featuring customers and employees in your social marketing (think: user-generated content and employee advocacy), putting an actual “face” to your business
  • Paying close attention to your reputation via social media when it comes to questions, comments and concerns from customers

Piggybacking on the last point, consider how social media listening can give you a better sense of how followers feel about your brand. Monitoring your mentions makes it easier to hone in on ways you can build that much-needed sense of trust. Here’s an example of sentiment analysis via Sprout Social which translates those feelings into data:

Sprout sample listening report on sentiment

2. Tighten up your social media security

No surprises here: social media security is crucial matters in an era of data breaches and privacy concerns.

This speaks to the need to set up an approval process and limiting access to your social accounts to a select few.

Additionally, consider setting up two-factor authentication across your social media accounts and third-party tools. Doing so gives you a sort of second line of defense between your accounts and security snafus.

sprout 2 factor security

Anything you can do to avoid a data breach is a plus. Winning back the trust of customers can be tough after-the-fact.

3. Make multiple touchpoints and build legitimate relationships

It might sound cliche, but brands today should strive to build customer relationships.

This means reaching out, shouting-out and otherwise interacting with your customers in a positive way.

Remember: social media isn’t the be-all, end-all of your marketing campaigns. Ideally, you can use your social presence to make touchpoints with customers that inspire them to make purchases down the line. Once you’ve established a meaningful relationship, your fans won’t have to think twice about your opt-in or on-site offer.

primark customer relationship example

This is exactly why we’re seeing more companies double down on paid and organic social media rather than choose between one or the other. The bonus of organic social media and outreach is that you can connect to customers directly with no strings attached.

And with that, we wrap up our guide!

Are you sticking to the best practices of GDPR and social media?

Businesses often have to roll to the punches when it comes to both regulations and the evolving expectations of customers.

So it goes with GDPR and social media.

Thankfully, making sure that you’re compliant goes hand in hand with stepping up your security and using your social presence to build meaningful relationships. Doing so is a smart move regardless of your business goals.

And as you put together your social media marketing strategy, consider the role of GDPR and how you can create a stronger sense of trust among your customers.