General Data Protection Regulation, or GDPR, is a set of new regulations approved in April 2016 by the government of the European Union. The GDPR is intended to help EU residents have greater control over their personal data online. The regulations went into effect across all EU countries on May 25, 2018.
GDPR not only impacts the way marketers collect data, but how ads are created, personalized, and targeted online.
If your company is trying to reach prospects in the European Union, you must ensure GDPR compliance across all platforms. While the GDPR is a European regulation, every company doing business in the EU is required to comply with the rules or be banned from collecting any personal data. Exactly what type of data will the GDPR protect? Dave Shewan explains:
“Virtually all data pertaining to individuals residing in the European Union will be protected by the GDPR. This includes not only uniquely identifying information such as official identity documents similar to Social Security numbers in the U.S. and Social Insurance Numbers in Canada, but also information routinely requested by websites, including IP and email addresses, physical device information such as a computer’s MAC address, individuals’ home addresses, dates of birth, and online financial information including online transaction histories.”
“The legislation also protects user-generated data,” he continues, “such as social media posts (including individual tweets and Facebook updates), as well as personal images uploaded to any website, including those that do not feature the likeness of the person who uploaded the image. The GDPR also covers medical records and other uniquely personal information commonly transmitted online. Essentially, the GDPR protects any and all personal user data across virtually every conceivable online platform.”
That is a lot of ground the GDPR is covering, especially for marketing agencies and advertisers, or any company seeking to promote its products or services in the EU. Most promotional efforts today involve the use of some already known personal data about the target audience. This is particularly true for social media companies, such as Facebook, that offer advertising platforms.
The good news for those who advertise via Facebook is that the company is taking the new EU regulations seriously. Facebook, of course, has had its own serious problems recently with user and privacy issues, so it is trying to do the right thing. It is primarily focused on control, transparency, and accountability. Here’s what you need to know.
If you use Facebook Pixel, you must comply with the GDPR.
Some companies that don’t do any (or much) business in the European Union may opt not to put parameters in place to ensure that they are compliant with the EU’s new regulations. But those who use Facebook Pixel don’t have that choice. For those who don’t know what Facebook Pixel is (or who may be using it without knowing what it is called), pixel is a code placed on a website that helps track conversions from Facebook ads, optimize ads based on collected data, build targeted audiences for future ads, and remarket to qualified leads—people who have already taken action on a website. Every company that uses the Facebook Pixel program must comply with the GDPR – even if it’s just on the off chance that someone from the EU may visit the site.
If you use Facebook Lead Generation Ads, transparency is paramount.
Serious business pages can benefit greatly from Facebook’s lead generation ad program. However, most lead generation campaigns rely on collecting and using user’s data to conduct personalized marketing efforts. However, under the GDPR, both Facebook and the business must disclose what information is being collected and how it is being used in their marketing efforts. Facebook would (or should) do their part, but the advertiser has a responsibility to meet in this area.
If you use Facebook’s Custom Audiences tool, there’s an extra step to take.
The Custom Audience tool is very useful for businesses, as it allows you to upload customer data to Facebook so that you can communicate with and market to those customers via the popular social channel. However, the responsibility of informing your customers about what you are doing with their data lies solely with you. Facebook is only the data processor in these cases; you can’t expect them to communicate with your customer base.
Complying with the GDPR starts with your website outside of Facebook. It’s your responsibility to inform your visitors and customers from the EU that you are aware of the new rules and give them the option to have their data used for marketing and communication purposes or not. It’s basically a glorified opt-in process that requires you to keep your customers updated on how their data is being used.