News | 1/03/2018

The GDPR guide to social media advertising

Posted by Lawrence Greenlee

With GDPR coming into effect in less than three months, here at Cobb Digital we’ve been thinking about how the new regulations will affect everything we do. So far we’ve brought you guides on ensuring your email marketing, SEO strategy and paid media activity are in line with the new regulation – now we’re tackling social media advertising.

Social media is such a big part of any digital marketing strategy and the last thing you want to worry about is whether your audience has provided you with appropriate consent to store and use their data. Well, we’ve got some good news! As far as data collection and usage is concerned, these will be covered by the terms and conditions and privacy policies of each platform. And when it comes to advertising on social media, all channels have got your back – for the most part, anyway. It’s worth bearing in mind that there are some actions that we, as advertisers, have to make sure we follow in order to be fully GDPR compliant.

When it comes to social media platforms shouting about the measures and practices they’ve put in place to welcome the new laws, Facebook definitely wins the gold medal. With over 2.2 billion people active on the platform, the social media giant that recently bought Instagram and WhatsApp has been telling us how seriously they take data protection and privacy. They are committed to transparency, control and accountability when it comes to complying with data protection laws. In most instances Facebook will act as a data controller, but there are some cases when the platform acts as a data processor, making businesses, and not Facebook, responsible for ensuring that the data they provide and/or collect is GDPR compliant.

Facebook aside, there are a few ways that GDPR will affect social media platforms across the board:

Custom audiences and lookalikes

We all love a good remarketing strategy. Whether it’s targeting users within your existing database or marketing to people who visited your website and people with similar characteristics, the remarketing approach can deliver great results. However, it’s worth being mindful of the way you’re collecting this data in the first place – just like display and PPC remarketing. These are the kinds of questions you should be asking yourself:

  • Has your database been carefully reviewed to ensure you have all the necessary measures in place to prove your data is GDPR compliant? This includes being able to demonstrate that all users within your database have given informed consent for their personal data to be stored and used and, if not, permission will need to be collected again.
  • Have you included an opt out button on-site for cookies? This is now considered profiling under the new regulation so all users need to be informed in clear, transparent language and also be able to object.
  • Have you updated your privacy policy to reflect the new regulation? This will include further information on what kind of data is collected on your site and how it will be used by you and third parties (social media platforms).

As mentioned earlier, bear in mind that all data collected by the Facebook Pixel will already be GDPR compliant, but it’s always worth having everything in the right place to make data storage easy. As we like to say, better safe than sorry!

Data capture ads

A database of engaged users is every marketer’s dream, and a highly targeted data capture campaign can help you achieve just that. But before thinking of all the amazing things you can do with your new and improved email database, you need to ensure that all users know exactly what they’re signing up for.

GDPR provides individuals with a series of rights, including the right to be informed and the right to erasure. So what implications will this have on collecting data through lead generation ads? It’s simple. You’ll need to ensure that the information you provide about the processing and storing of personal data is written in a concise, transparent, and easily accessible manner. This covers what users should expect from your email marketing, an anytime opt out guarantee and a link to your privacy policy.

Top tip: As part of gaining informed consent from users, you should check that for each new email sign up you record:

  • Email address
  • Opt-in time/date
  • Consent wording
  • Source

Storing data securely

Finally, it’s very important that once you’ve collected any data, it’s stored in a safe and secure database. Because individuals now have the ability to request access to their data or have it erased from a company database at any time, it’s important that data can be effectively maintained. Make sure your ESP (email service provider) and CRM (customer relationship management) system have the right features to allow you to retrieve data in a quick manner to fulfil any access requests.

Having said that, it is paramount that you also ensure overall account security. Different passwords and secure IP addresses are only a few of the customisable security settings you could be taking to ensure your data is stored safely.

At Cobb Digital, we’re ready for the GDPR and every department is up-to-speed on how these new regulations will affect our clients and the work we do for them. Whether you’re just starting off with social advertising or you’re unsure how your efforts will be affected by the GDPR, give us a call or pop in for a coffee so we can tell you more. You can also download our comprehensive GDPR guide here.