All businesses today need to be concerned with data protection. Nevertheless, with so many different communication platforms, it can almost seem impossible to know where to begin.
Social media is an excellent tool in terms of finding out what your consumers want from you and what they think about your products and services. Did you know that 72 percent of companies use data from social media to help them make business decisions? This is a significant number, and if you fall into this category, you need to make sure you use social media responsibly and are on top of your social media data privacy.
​​
As we use social media as a direct communication channel between consumers and businesses, it is vital to ensure social media platforms are secure and that you handle any personal data in a responsible and lawful manner.
Keeping that in mind, in this guide, we will tell you everything you should know about social media and data protection.
Managing your interactions online in accordance with data protection laws
We use social media to post public messages. This can sometimes mean that personal data is exchanged via social media. It is vital to understand that when data is posted on social media, the person using the social media network is the owner of this information. It is certainly not owned by your brand, nor is it owned by any agency that acts on behalf of your business.
Every social media platform, be it LinkedIn or Facebook, has its own set of guidelines, as well as in-depth privacy notices. Every social media advertiser and user must comply with this.
Nevertheless, brands must go one step further and establish their own privacy notice. This should indicate how you are going to use personal data in line with the General Data Protection Regulation (GDPR), as well as any other laws or rules that have been implemented.
Data protection when running competitions on social media
There is no denying that competitions have become a highly effective method of marketing and advertising on social media. This is a great way of building brand awareness and increasing engagement. Plus, you will create user-generated content as well.
After all, whenever someone enters your competition, they will share your post and advertise your brand to all of their followers. It is likely that some of their own followers will do the same thing, and so it has a powerful snowball effect.
If you are going to run a competition on the likes of Facebook or Twitter, it is critical to make sure that you put together some of your own terms and conditions that should explain how to enter the competition, how the competition works, and how data is going to be collected and used.
What to do if a user sends you personal information publicly over social media
Not only do you need to put together a social media policy for your brand but you need to make a dedicated effort to ensure that this social media policy is being implemented effectively.
If someone wishes to share their personal data with your brand, you are advised to send them a message and suggest that they delete this public information and instead send you the data via private message.
You can have a boilerplate message ready for situations like this. For instance, your message could state: “We care about our customers’ security, and we advise that you send us any personal details privately for your own safety.’
Users on social media may not be aware of what could happen if they were to share personal data via a public domain in this way. So, it is vital to make sure you moderate your platform and provide advice for users where necessary.
Handling B2C vs B2B data
It is vital to understand that the GDPR only applies to personal data that relates to an individual. This is not a regulation that is applicable to company information.
However, there can be a few blurry areas, which you do need to keep in mind. For example, the contact details of an individual or individuals working for a specific organization or business fall into the definition of personal data. This means you are not allowed to share the name of an employee, or their phone number, email address, or social media account.
The only exception to this is when there is a generic email address that a number of different staff members use and monitor. For example, email addresses that begin with “customerservice@” or “sales@” will fall into this category.
If the individual’s information comes under the GDPR’s definition of personal data, you do need to continue to act in accordance with all of the GDPR rules and regulations.
Some of the different pieces of information in the B2B sphere that is not deemed personal information, and therefore do not relate to GDPR, include the number of people that currently work for the business, financial figures, or a postal address for the enterprise itself.
​​
How does GDPR impact linking your social network channels?
We’re sure that you probably link your social network channels to your website or your email, and so it is vital to make sure you are doing this in a responsible manner.
The good news is that there is nothing that restricts you from linking your social media channels via your email or website under the General Data Protection Regulations. This is a great way of integrating your marketing efforts and reaching more people online.
However, you will need to ensure that there is a part of your data privacy notice that explains how you will utilize any of the contact data you collate on social media.
Companies also need to make certain that they create and implement a social media policy internally. This policy is designed to make sure that people working for your company know how they should use and respond to any data that has been sourced via social media.
Manage custom audiences on social media while also adhering to GDPR
Next, we need to understand how to use custom audiences on social media. A custom audience refers to a list of consumer contacts that fall within a specific area of your audience.
For instance, you may decide that you are going to create a custom audience list that is made up entirely of social media accounts that engage with your business regularly. The list may contain all of the people who have engaged with your brand “x” number of times on Twitter, for example.
To create a list of this nature, you must share consumer information so that the platform can match it with their database. Typically, an email for the customer will be required. In some cases, you may need their phone number from their mobile SIM plan.
An important part of this process involves data scrambling or “hashing” – this means making sure that the data is obscure but still unique. This ensures that matching can be a success while also keeping the data protected from threat actors.
Once the information is matched, this gives you the ability to target customers on your list with specific adverts that are going to be more likely to appeal to them when they are using the social media platform in question.
It can be highly effective to create a custom audience. This is particularly the case if you segment the list before it is uploaded.
In this situation, it is imperative to make it clear and evident within your privacy notice that the personal data you hold about your consumers is going to be used for the purpose of finding them and contacting them via social media. Of course, they should also have the option of being able to opt-out of this if they wish to do so.
In fact, Facebook has implemented a Custom Audiences Permission Tool, which means that marketers will need to confirm the correct consent has been obtained under General Data Protection Regulations. You won’t be able to upload personal data to create your custom audience without doing this.
If you have a data privacy notice that you have already developed, yet it does not include a statement regarding the data you already hold and how you will use this to find consumers on social media, you must amend your data privacy notice as quickly as you are able to so you can show that this is the case.
You should choose language that is easy to understand. Clearly explain how this data is going to be shared with social network platforms. Also, make sure that you state that this is going to be done on a legal basis of consent.
Another option that a lot of businesses like to follow when it comes to the use of data is the creation of “lookalikes.” As the name indicates, this involves incorporating individuals that have characteristics like your customers in the initial upload. This is used to expand your audience at a quick pace, and it is proven to be highly effective.
Should you decide to use this approach, you are not going to need to get consent from your customers because you are not going to get targeting that individual consumer specifically. Rather, you are going to be targeting individuals that are like that person.
What about retargeting adverts on social media?
Now, let’s move on to the area of advertisement retargeting on social media, which will provide you with the ability to show adverts to people who have already been on your website before.
If you go down this route, a pixel will be placed onto your website, which visitors are unable to see. Basically, in the user’s browser, a unique cookie will be placed. This means that you can easily identify whether or not a person has visited your website before.
We are sure that you will have seen a cookie pop-up when landing on a website previously, and this is the sort of thing that cookies are used for.
However, do make sure that consent is sought when it comes to using these sorts of cookies. This is required as per the Privacy and Electronic Communications Regulations. It is imperative that you ensure the consent you receive for the use of retargeting cookies meets the standard of content that the GDPR states.
General cybersecurity measures your business will need to adhere to
One thing that all companies need to take very seriously today is cybersecurity. If you turn on the news on TV or do a quick search online, you will see that there seems to be news about a big data breach every week, if not every day.
If your company ends up suffering a breach due to weak social media security, you could find yourself with monumental reputational damage and massive fines to pay.
At a very basic level, you should be doing the following:
- Make sure that all client or customer personal data is encrypted and stored in a secure manner.
- Any CRM solution or software you use that involves personal information needs to have multi-factor authentication. This means that it is not only password protected but another layer of security is implemented as well.
- Put in measures to ensure that you have a secure network. Examples include firewalls, network segregation, encryption, and much more.
- Make sure that every single device that is connected to the Internet has strong anti-virus software in place.
If cybersecurity is not an area that you have any sort of experience in, it certainly makes sense to look for a personal cybersecurity company that can do a test to figure out what vulnerabilities you currently have so that you can put steps in place to rectify them.
Closing words on data protection and social media
As you can see, there is a lot that needs to be considered when it comes to protecting your business on social media. However, this is not something you can afford to overlook. It is your responsibility to make sure all data is handled correctly.