Data is everywhere. Every email you write, website you visit or picture you send leaves a trail of data behind it, one that’s captured, analyzed and stored in the cloud for the unforeseeable future. That individual pile of data is your digital footprint, and according to the Economist, it’s “the world’s most valuable resource.”

But what exactly makes this data so valuable?

Data is every company’s key to unlocking insight into customer experience and lifecycle journey. The more businesses know about this journey—from the moment a lead enters the funnel through their transition into a customer—the easier it is to optimize the path to purchase.

The trouble is, as the value of something increases, so does its subjectivity to misuse or theft. Scandals, privacy scares and issues with data storage have all caused consumers to demand transparency from anyone collecting personal data, particularly on social media.

gdpr complaince

Knowing that 57% of customers don’t trust brands to use their data properly, something needs to change. The standards for regulation, need to change.

Enter, GDPR.

Let’s Start from the Top: What Is GDPR?

GDPR stands for “General Data Protection Regulation”—something Marketers have been hearing about for months now, though it was only officially put into effect on May 25th of this year.

At a basic level, GDPR is a new regulation for data privacy. What makes this policy so notable, however, is that it standardizes privacy practices across the entire European Union into a single set of rules. And while GDPR was intended specifically for the EU, any company that interacts with an EU partner, consumer or organization, is subject to the same rules.

In short: GDPR affects just about everyone.

The GDPR requires companies to build privacy settings into their websites and products, conduct regular privacy assessments and strengthen the way they ask for permission to collect, access and store personal data. In this case, “personal data” mean any information that represents an individual’s professional, public or private life—including photos, names, email addresses…even posts on social media.

Failing to comply with GDPR’s regulations can result in serious repercussions. Not only would you lose the trust of your prospects, customers and promoters, but violators face fines as high as 4% of your global turnover, or €20 million (about $23.5 million).

what is gdpr

GDPR is paramount for individual privacy and protection, but it has an obvious and subsequently negative impact on Sales and Marketing.

For example:

  • Companies must obtain permission (voluntary opt-in) before using any personal data to their advantage.
  • Businesses must give valid reasons for why they’re collecting data, and for how long they’ll hold onto that information.
  • User data cannot be shared with a third party.
  • Consent can be withdrawn at any time and information must be removed from the system (right to be forgotten).
  • Retargeting of collected data without opt-in consent is no longer allowed.

A Few of the Best GDPR Resources

The path to success with GDPR compliance starts with an audit of existing data collection practices and identifying areas where data security and privacy can be improved.

Before any of this can take place though, it’s imperative to first establish a strong understanding of GDPR. Without this background, it’ll be impossible to connect the impact of GDPR back to your marketing and social media strategies.

Here are a few of the top GDPR resources to get started:

The Industry-specific support for:

The WP29 Guidance on:

As the list above indicates, preparing for GDPR is complex—but the benefits far outweigh the effort. Companies that are vocal about being GDPR-compliant build stronger trust among customers, higher levels of engagement on social media and an enhanced, secure marketing strategy.

How Does GDPR Impact Marketers?

GDPR is centered around regulatory measures that prevent marketers from having too much control over the data they collect or have access to. The trust that consumers had in companies to use their data safely has been broken, and GDPR is a direct response to that exploitation of information.

As complex as GDPR may seem, it actually comes down to just 3 critical areas:

  • Permission
  • Access
  • Management

what is gdpr

1. Permission

Perhaps the most important component any GDPR-aware marketer needs to manage is permission.

Before adding any individual—lead, prospect or customer—to a marketing campaign or email list, employers need to obtain voluntarily opt-in. This free, informed and unambiguous consent is required in order to continue communication between brand and consumer.

TL;DR: That pre-ticked box automatically opting people in isn’t going to cut it anymore.

2. Access

One of the most common concerns for companies as they navigate GDPR compliance been the “right to be forgotten.”

This gives people the right to remove inaccurate or outdated data from their digital footprint, putting more control in the consumers’ hands around data accuracy and the accessibility of any data collected. Already, Google has been forced to remove certain pages from the SERPs in order to maintain compliance with these new regulations.

It’s ultimately the responsibility of the marketer to ensure that any information collected is then stored in a central and easily accessible  location. It also means providing a way for those same individuals to remove their consent at any time.

In the case of a contact who, at one point, opted-in to weekly blog updates, but now no longer wants to receive that content, the solution can be as easy as adding an “unsubscribe” link to the bottom of your emails. While this may seem obvious, 8% of all automated emails still fail to include an unsubscribe link.

3. Management

It’s not unusual for marketers to get a little data-hungry—technology makes it so easy. But unfortunately, this endless collection of consumer data is coming to an end.

Under GDPR, marketers now have to justify the reason why they’re asking for personal information, which can then only be used as indicated in the opt-in clause.

This change comes with some positive side effects though, as it promotes data cleanliness and challenges marketers to be more purposeful in the data points they gather and why.

How Does GDPR Impact Social Media?

Now, the tough part. While you can drop an “unsubscribe” link on your email campaigns and hope for the best, you can’t necessarily take the same approach with your social media marketing strategy.

what is gdpr

Many of the larger social networks have been working on their own versions of GDPR compliance, specifically because they’re considered to be both data collectors and data processors. As a result, social networks now provide users with clear guidelines on what data the platform will collect and how it will be used.

For some (depending on your industry), this means that the platforms did much of the heavy lifting rom an informational and consensual perspective—so long as you’re within the scope of the platform’s regulations.

Are Private Messages Safe?

What happens when you move away from publicly marketing on social platforms and into a private message (PM)?

Sending a PM without permission could be classified as an unsolicited marketing message, but if your employee takes a friendly and personalized approach (not promotional and self-serving), it’s unlikely.

That said, privacy policy details will vary from network to network, so you’ll need to get familiar with the nuances (consider it your nighttime reading). LinkedIn, for example, has confirmed that inMail messages are still acceptable methods of communication under GDPR guidelines.

With anything GDPR-related, it’s important to be cautious.  We’re still in the early days, so act under the assumption that obtaining any information illegally will have resulting consequences.

How Does GDPR Impact Employee Advocacy?

GDPR represents a formative shift towards the way brands communicate with consumers. Their demand for personalization and transparency is a push in the right direction for employee advocacy, because while GDPR revokes a brand’s ability to send communication without consent, employees are not held to those same standards.

what is gdpr

As with any strategy though, employee advocacy requires consistent attention and a long-term strategy for generating buy-in from both employees and your prospects and customers—especially under a culture of compliance.

Here are a few questions to ask yourself when leaning on employee advocacy to work around GDPR restrictions.

1. Can a Sales Rep Contact a Lead Using Information Found on Social?

Marketers may have historically encouraged their Sales counterparts to leverage social media as a way to identify potential leads given a certain criteria segment and build prospecting lists.

Well, those days are over.

When social media users give consent to interact with a social platform, the consent is for that platform only—meaning, employees can’t use the data collected on one channel and transfer it to another. Organizations need explicit approval to carry a contact into any CRM or MA platform.

Although sales reps can no longer send mass, unsolicited emails, they can go to someone’s profile and send a tailored, individual message. Of course, that person will be able to request not to be contacted anymore (in which case your employee will have to respect that ask), but the chances of an unwelcome response to a friendly, personal message are much lower than that of a blind email-blast.

2. Can Employees Use Social Networks to Interact with Prospects/Customers?

Employees have the same rights as your consumers. This means that they are allowed to engage with individuals on the same social media platforms that they use themselves—this is true of anyone on social media.

Employees who privately message prospects or customers will be required to act according to your company’s social media policy.

This could mean that reps tell a prospect why they’re contacting them right out of the gate, or, perhaps they take an approach that more naturally segways into that conversation. Regardless of the path chosen, the most important thing is that employees adhere to GDPR whenever contacting individuals and obtaining/storing their information

3. How Do I Empower My Organization to Take GDPR Seriously?

Lean on your employees and include them in your marketing strategy.

After all, they’re are the ones with the power—no longer solely in the hands of your brand—to create new touchpoints between prospects and customers. As your ultimate brand ambassadors, employees have the capability to amplify your content as a means to drive stronger relationships, relationships that ultimately lead to organic consent and opt-in.

And employees can exercise this ability free of constraint, and regardless of any GDPR policy change or social media algorithm update.

Tips to Get Your Social Media Policy GDPR-Ready

GDPR might restrict your ability to communicate with prospects, but that doesn’t mean you can’t build relationships—in fact, doing so is more important than ever before. There are still plenty of opportunities for social media to help you not just revive your marketing efforts, but strengthen them.

It simply requires marketers to immerse their campaigns in the regulations of GDPR. In order to do this successfully, you’ll need to know your audience inside and out.

what is GDPR

Be Hyper-Segmented

  • Segment your audience according to social media behaviors. For instance, split your customers up by the networks and topics they’re most interested in, demographic data, location, behavioral data, etc. This ensures that you’re serving up information most relevant to each group.

Tap into Micro-Influencers

  • Once you’ve segmented your audiences, look to employee advocacy to start building human-to-human connections. Said otherwise, start leveraging your micro-influencers. This will build on the feeling of affinity your clients have with your brand and improve your chances of lasting and mutually beneficial relationships.
Related Article
Micro-Influencers Will Become the Heart of Your Influencer Marketing Strategy in 2018

We've all heard of influencer marketing. We know the impact celebrity endorsements can have on brand awareness. And while one Read More …

Deliver Personalized Content

  • Finally, make sure that all the content you curate for your employees is personalized to suit the needs of their chosen segment. This will help to keep your customers engaged and interested in your brand and its mission.

Provide Training on Content Creation

GDPR rings alarm bells for many marketers who haven’t focused enough on targeted content. Instead of blasting emails out to everyone in your database, you’ll need to tailor your messages to suit specific buyer profiles.

While the result of targeting often results in fewer recipients, it will subsequently create a much stronger chance for conversion.

That said, you’ll need to invest more time in personalizing the conversations and interactions with your leads and prospects before they’re ready to buy. This is where employee advocacy training comes into play—employees need to learn how to connect with prospects without overstepping their boundaries.

Monitor & Engage

Finally, the most important part of engaging your social media audience in this GDPR-ready world is to listen before you speak. Nothing could be more detrimental to your brand than pushing forward with the same old strategies without any plan to measure your performance and track audience perception.

A good way to build relationships with your target audience (not to mention strengthen opportunities for future growth), is to hold onto the “social” part of social media.

Speak to your audience and ask them what kind of content they want to see. Encourage employees to reach out and solve consumer problems or offer unique forms of value that prompt investment in a deeper relationship with your brand.

Perhaps the most significant problem with social media marketing and GDPR is the compliance issues that arise when you take the data from your social platforms and use it for another purpose. When a person interacts with your brand on social media, they’re consenting to those specific platform regulations. They are not consenting for you to use their information for anything other than that—including email or retargeting on other social networks.

This increases the importance for employers to establish defined social media policies in accordance with GDPR, and make them available company-wide. Whether you’re in the EU or not, GDPR applies to anyone interacting with EU citizens—and social media is a global experience.

what is gdpr

Your documentation around GDPR should:

  • Educate anyone involved in your social strategy on how to manage GDPR
  • Provide information on how to avoid issues with data privacy
  • Discuss how to correct errors before they spiral out of control

Now You’re GDPR Ready, What’s Next?

While GDPR does add more restrictions to the way you communicate with contacts and how use their data, social media emerges as a powerful way to create the relationships that will prevail over any GDPR boundary.

GDPR compliance on social media starts with:

  • Assessing the data you already have, along with how you store and share it
  • Reviewing your current approach for opt-in and the “right to be forgotten”
  • Training employees on how to build meaningful relationships on social
  • Defining and circulating GDPR-compliant policies to protect your brand

As complicated as GDPR may seem, each change in the social space is in alignment with the one before it—they all share one common goal: To create authentic and meaningful relationships.

This, above all else, is the nucleus of your Marketing strategy.