What Businesses And Marketers Need To Know About The European GDPR

It’s coming on May 25, and it has the potential to completely overturn everything that you do with social media marketing. “It”, of course, is the European General Data Protection Regulation (GDPR), which is a comprehensive new privacy law that applies to any company collecting data on EU residents or offering products and services to EU citizens. So, just because it has the word “European” in the title, don’t assume that it doesn’t apply to you.

Why GDPR matters for social media

For good reason, alarm bells are starting to sound in Silicon Valley. Most likely, you’ve already received a stream of messages from websites, social networks and web service providers, alerting you of changes to their privacy policy. Well, it’s not a coincidence. Big companies like Facebook and Google are perhaps most at risk from the GDPR, primarily due to the scale and scope of the information that they collect.

But, if you think about it, every website and every social media platform collects a tremendous amount of data about users. And if any of those users happen to be EU residents, then you fall within the purview of the new regulation. Since the GDPR specifically mandates financial penalties for non-compliance, you are also introducing unwanted legal and regulatory risk into your operations if you simply put your head into the sand and ignore the GDPR.

Use cases of the GPDR

Still not convinced? Here’s just a simple example of how the GDPR will impact your social media marketing. If you are using affiliate links within your content, you will now need to alert users any time they are about to click on those links. That’s because affiliates collect data and information on users. The same goes for a lot of features that define the everyday web – everything from comment boxes to contact forms.

If users want to sign up for your email newsletter, you’ll need to inform them as well of what type of information you are collecting, how you are using it, and with whom you are sharing it. And don’t forget about ads that you are running on your site – it’s almost inevitable that these advertisers are collecting plenty of valuable information about users. The GDPR says that users have a right to know what kind of information is being collected on them, and by whom.

Opt-out vs. Opt-in

Finally, the GDPR is going to change the way we think about privacy. Today’s paradigm is that companies have very weak privacy policies (yes, Facebook, we’re talking about you!) and users must “opt-in” to much stricter privacy options. But the paradigm being presented by the GDPR is that companies must start out with the very strictest privacy policies possible and then users must “opt-out” in order to relax those policies.

And there’s one more way that the GDPR is going to change the privacy paradigm – it is going to make “consent” a necessary, but not sufficient, part of privacy protections offered by companies. That means that simply ticking a box when you sign up for a service is no longer going to give a company carte blanche to use data however it wants to. In fact, the GDPR also requires companies to provide reports on how their data is being used, if requested by users.

So the takeaway here is clear: start re-thinking privacy now, before it’s too late. Do a quick audit of your online presence to gauge your overall exposure, and then start implementing a more beefed-up privacy policy that will protect users. Just because you’re not based in Europe doesn’t mean that you are not impacted. The GDPR is going to have worldwide implications.