Social Media & GDPR

Social Media & GDPR

11 May 2018

If you are a business with customers in the EU, the GDPR will be applicable to you when you are handling personal data of your EU customers. The regulation will be enforceable from May 25, 2018.


Subscribers must consent to an affirmative action signaling consent to all newsletters and email marketing.  This may include checking a box on a website, choosing which lists they subscribe to, clicking a button to confirm aceptance or another action confirming consent, that clearly indicates consent to the processing. Implied consent, pre-ticked boxes, or inactivity is not adequate under the GDPR.

If users are required to provide an email address to download a document or are required to provide their contact information to enter a contest, you can not use their personal data to send marketing messages unless they actively agreed  to it. It is illegal to add these email addresses to your mailing list.

GDPR also applies to all existing data, so all exisiting subscribers will have to be asked consent again, or invited to join new lists.  Many brands will have to re-request permissions before the GDPR comes into effect in May 2018.

The subscriber signup process must give information about the brand collecting the consent and about the purpose for the collection of that personal data. 

Under the GDPR, the burden of proof lies with the company to provide that sufficient consent has been given, and that reasonable evidence has been provided to show that you have complied with the GDPR if you are challenged. All forms will have to be presented if requested.

All users have the right to request that all their personal data be deleted.   A user should be able to request access to a copy of the personal data that has been collected.Organic social media marketing (i.e. excluding social media advertising) is pretty much unaffected by the new regulation, because when posting content and engaging fans you do not collect personal data from people who view or engage you. 

Outside the EU?

Entities outside Europe who do business with European citizens are also included.  It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.  If you are a business with customers in the EU, the GDPR is applicable to you when you are handling the personal data of your EU customers.

Issues you want to be aware of:

  • No more scraping or exporting contact details from your social media followers or groups (a tacky excercise anyway).
  • If you send traffic from your social media to your website and you use Google Analytics to track visitor behavior, you will need the visitor's consent.
  • If you want to use your customers’ data or track their behavior for advertising, you have to obtain an explicit opt-in consent from them.

Social Media Advertising

A lot of social media advertising uses customer data that you upload, collect personal data, or track behavior on your site. If you use any of the following features, you should check out what ramifications they will have when the GDPR comes into effect:

  • Facebook Pixel
  • Facebook Custom Audiences
  • Facebook Lead Ads
  • LinkedIn Matched Audiences
  • LinkedIn Insight Tag
  • LinkedIn Sponsored InMail
  • LinkedIn Lead Gen Forms
  • Twitter Pixel
  • Twitter Tailored Audiences
  • Pinterest Tag
  • Pinterest Audiences

Facebook and LinkedIn have also been making some changes to lead form ads, to help you stay compliant with the GDPR. Because you will be collecting data, you’ll need to state how the data will be processed and establish consent for processing the data.

Facebook lead Ad Terms

Before creating a lead ad on Facebook, you’ll have to agree to their lead ad terms.

Facebook now allows you to add a custom disclaimer and optional consent checkbox to your lead form, which should enable you to comply with theGDPR regulations for the collection of personal data.

LinkedIn has also updated its lead generation form enabling you to add a link to your privacy policy, and custom text stating how you will be using the data collected.

Find out more on Facebook, LinkedIn & Twitter's efforts on the GDPR.

This is our understanding of the GDPR based on research covering social media marketing. If you have any questions or concerns in regards to your business and GDPR compliance it is strongly recommended that you contact a professional GDPR lawyer.

Cindy Arlott

By Cindy Arlott

Web Producer, Creative Director, Content Creator & Distributor at clearFusion Digital, & specializes in helping businesses plan & grow their website.

Latest Articles

Contact us for a FREE QUOTE, or a WEBSITE REVIEW!

Request Quote Request Review