Main Menu


GDPR: What Do the New Regulations Mean for Social Media Marketers?

by Zia A., posted 2 months ago
Join 500,000+ users and check your own Twitter Stats for Free! Sign up now!

Since the early days of the digital realm, the internet has been likened to one notorious environment – the Wild West. While technology has advanced at an exponential rate, compliance and regulation have crept along at a snail’s pace, struggling to keep up. Today, the amount of data we provide via ‘smart’ devices and the Internet of Things (IoT) boggles the mind. At current rates, we create 2.5 quintillion bytes of data daily. 90% of the world’s data was generated in the last two years alone. Two years! As big data and technology continue to explode, governments and regulatory bodies are rushing to find new solutions to protect users. Enter the GDPR.


What is the GDPR?

GDPR stands for General Data Protection Regulation. This EU-crafted game-changing data privacy law went into effect May 25th, 2018. The regulations help users gain a greater level of control over their data. They also offer more transparency throughout the collection and use process.


Who Does it Affect?

Don’t be fooled by the GDPR’s European origins. The law applies to any organization handling the personal data of EU citizens and residents. In today’s global market, chances are that includes you.

If your business has customers in the EU, if your goods or services are used by EU citizens (regardless of whether or not payment is involved), if you collect or process any personal data for an EU resident (including a foreign citizen temporarily located across the pond), GDPR applies. And the EU has promised to impose hefty penalties for businesses that fall short.


What Happens If You Aren’t GDPR Compliant?

Failure to comply with GDPR doesn’t result in a slap on the wrist. Lesser offences (e.g. failing to report a data breach, failing to notify customers about a breach, or failing to administer the correct data protection protocols) come with a €10million fine (or up to 2% of annual revenue, whichever is greater). For more serious infractions (e.g. data infringement, insufficient procedures for handling data, unauthorized transfer of data, or ignored requests for customer data access), the penalties are doubled.


How Does GDPR Affect Social Media Marketing?

As a social media marketer, you may not be in charge of storing and analyzing your company data, but you’re probably the conduit for collecting it. (Think Google Analytics, Facebook ads, subscription databases, etc.) Be aware of the role you play in GDPR before you end up costing your brand big bucks in fines.

You could read up on the nearly 100 separate articles in the legislation. As one journalist quipped, “if you enjoy being lulled into a coma, read the full legislative overview on the European Commission website.” But if you’re too busy keeping all your marketing balls in the air to dive deep into EU compliance law, we’ve compiled the three most important things you need to know.

You need to know how personal data is defined.

With GDPR, firms have to be explicit about the ways in which they collect personal data for marketing purposes. But how is “personal data” defined? The GDPR classifies personal data as anything that can be used as part of identification, including:

  • Name
  • Phone number
  • Email address
  • Financial or medical data
  • Photos
  • Electronic identifiers (e.g. device IDs or IP addresses)
  • Information associated with social media posts

You need to know the legitimate grounds for collecting and processing data under GDPR.

There are six legitimate reasons to collect and process data under the new legislation: contract, consent, legal obligation, vital interests, public interests, and legitimate interests. Consent and legitimate interest are the most relevant to social media marketing.

Consent basically means you have obtained an explicit opt-in from your customers.

  • They have a free and genuine choice to accept or reject consent (and are allowed to easily withdraw consent at any time).
  • They are aware of what data will be collected and how it will be used.
  • The request for consent is in clear and plain language.
  • Consent was explicit (i.e. inaction and pre-checked boxes do not imply consent).

Legitimate interest covers the ways in which a user might reasonably expect their data to be used, with minimal privacy impact.

You need to know what tools to use to continue to support your marketing efforts.

While many of your marketing tactics may be affected by GDPR, it’s helpful to know that the more organic methods of interaction and marketing (like posting content and engaging with followers) will remain relatively unaffected. So a strategy heavy on content marketing (through blog posts, videos, infographics, tweets, how-to’s, and more) will still allow you to build customer relationships without requiring personal data.


In conclusion…

Even if you’re not directly involved in the collection and processing of user data, it’s important to be aware of the implications of the GDPR. The legislation is designed to provide greater protection and transparency, so by taking a proactive approach, you’ll ultimately help build trust for your brand.


Use Twitter for content marketing and help avoid some of the more complicated aspects of the GDPR. Twitter Counter can help you leverage the platform to achieve all your social media marketing goals. Sign up today at