Four years in the making, the European Union's General Data Protection Regulation—or GDPR—package comes into effect on May 25th. This regulation applies to all social networks and web services operating in the European Union and focuses on protecting consumer privacy.
But—do you know how GDPR affects you?
GDPR will change how many social networks and web services operate worldwide. It has a number of built-in regulations pertaining to how social networks are allowed to store and use customer data, consumer's right to export data, and more.
In this article, we'll discuss how GDPR will affect social media companies, web services, and brands on social media. Before we start, rest assured that Social Report is not changing due to GDPR regulations. We've met or exceeded all GDPR privacy requirements for years.
Note: GDPR applies to all web services. For the sake of this article, we are focusing on how GDPR is affecting social networks and brands on social media.
GDPR applies outside of the European Union
First thing's first: even though GDPR is a European regulation, it applies outside of the 28 EU member states. All companies that operate in the EU must adhere to the new regulations. And since this is one of the largest markets in the world, we'll see all web services and companies comply.
There are many parts to GDPR
GDPR is a package of regulations that affect consumers in different ways. We've broken down key parts of the GDPR regulations below. You can see the whole GDPR document here.
Mandatory Privacy Notices
All web services or other "data controllers" that record and process user data must provide a written privacy notice to its customers. These notices must include things like how user data is processed and why its being processed. These notices must be free of charge and be written in plain language (i.e. no legal jargon).
The Right to Be Forgotten
Businesses are now obligated to erase customer data under certain circumstances. Some examples include when data is no longer needed and when data was processed illegally. You can view the full list of clauses here.
Consumers Must Be Able to Export Data
GDPR requires social networks and other web services to let users export data collected about them. In most cases, this means being able to export all data one has provided to a social network. In the case of Facebook, this would be all posted content, location data, and more.
Did you know that Social Report has a social network export feature of its own? Check it out.
Data Protection Impact Assessment
All new high-risk data processing technologies must undergo some sort of impact assessment before being rolled out to the public. This is meant to cute the risk of leaks and other privacy risks and make companies fully assess new technologies before implementing them.
If data is breached, the data holder is now required to notify EU member states within 72 hours of the breach. Further, the services must notify users shortly after notifying governments.
How are social networks preparing for GDPR?
The major social networks have been prepared for GDPR for months. For example, Instagram added data export features and Facebook is prompting users to review their privacy settings and added the ability to opt-out of facial recognition. These changes are especially important for Facebook in a post-Cambridge Analytica world.
What does your brand need to do to stay compliant?
In terms of social media marketing, your brand doesn't need to do anything to stay GDPR compliant. The terms and conditions of social networks will provide proper privacy notices to your customers. So, in short: GDPR is a social network issue, not a brand issue.
That being said, you still need to follow European (and other) privacy laws. For example, your brand cannot send unsolicited email blasts to customer email addresses unless you have explicit permission from the customer. However, this isn't any different from in a pre-GDPR world.
Is Social Report Compliant?
Like stated earlier, Social Report has been compliant with GDPR for years. We value customer privacy and believe that you—not the social networks—own your social media content. If you have any questions about Social Report's GDPR compliance, email or Tweet us.
As you can see, GDPR is a broad regulation that has a major effect on all companies that operate in the European Union. It goes into effect on May 25th so make sure that your company is compliant by reviewing information practices and using a compliant social media management too.
We believe that it will have an overall positive effect on consumer privacy and lead consumers to feel more comfortable using social media.
Need a GDPR-compliant social media management software? Start your Social Report trial.