GDPR: the digital detox of 2018
Do NOT panic – it’s actually OK!
Do NOT panic – it’s actually OK!
You might have heard about this major new legislation called the EU General Data Protection Regulation (GDPR). This regulation comes into effect on May 25th and will apply to all 28 EU Member States. Although this has been known since 2015, it’s only now that everyone has actually started paying attention to it (flashback to those uni assignments, amirite?) But no need to panic – here are the most important bits.
In a nutshell, the new GDPR is designed to give individuals better control over their personal data. “Personal data” is defined as any information relating to a person who can be identified – directly or indirectly – by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
In many cases, online identifiers including IP address, cookies and so forth will now be regarded as personal data if they can be (or are capable of being) linked back to the data subject.
This doesn’t mean you (as a company) can’t gather (and use) personal data any more – what it does mean, however, is that you’re not allowed to do it without the user’s consent (or without one of the other five lawful reasons to store data).
Another thing that’s important to mention, is that the GDPR distinguishes between organisations that are “data controllers” and those that are “data processors”. There’s a difference of responsibility here, and the clue is in the titles – a “data controller” is someone (or something) that actively determines when and how any personal data is processed, and a “data processor” is someone (or something, other than an employee of the data controller, that merely processes (so doesn’t use) any personal data.
Here at Mediablaze, we manage social media for several clients in various forms – social advertising, asset creation, community management, etc. This means we’re directly communicating with our clients’ audiences, and sometimes it even involves passing on personal details.
Paid social & ad targeting
As far as consent and data use is concerned, these will be effectively covered by the terms and conditions and privacy notices of the different social platforms – say for example Facebook. Whether this will remain true (since the platform is under heavy scrutiny in the wake of the Cambridge Analytica scandal) time will tell, but for now it seems nothing will be changing. So, if you’re a paid social manager, you can happily stay targeting audiences (although, be careful with lookalike audiences).
Now this is where it can get a little tricky. When people complain via social media, we ask for their contact details to pass on to customer services. In most cases (if not all), we’re merely a data processor on behalf of our clients. The responsibility then lies with our clients – they’re allowed to contact the customer about their complaint, but they can’t add them to their CRM system and opt them in for newsletters. Unless, of course, the customer gives their consent (not likely when they’re angry).
Part of good community management is finding & starting conversations rather than waiting until they find you. Tools like Hootsuite can easily help you set up searches to find those conversations. Because these conversations happen in the public realm, you won’t have to worry about GDPR.
Realistically, not much is changing for social, or even content marketing in general. If anything, there’s something to say about upping your content marketing game, as this new GDPR will filter a lot of the noise out there. Offering valuable and insightful content and having meaningful conversations online will help you maintain that relationship with your audience, and make you stand out from the crowd. All in all, the new GDPR might just be a blessing in disguise – even for brands.
Need help with your social, or just want to say hello? Get in touch via [email protected].