In late May, the European Union’s new General Data Protection Regulation (GDPR) went into effect, providing consistent data protection rules across Europe. All businesses that operate in Europe or have customers or clientele in Europe must comply with the regulations, which cover how companies collect, process, and store personal data. On the same day GDPR went live, Facebook changed its policies to ensure that the companies using its platform to do business are in compliance with the regulation. If you’re unsure whether your company meets the conditions of Facebook’s new GDPR policy, here are five steps you should take right away.
Determine if you are a “data controller” or a “data processor.”
Both data controllers and data processors have specific responsibilities under GDPR, and it’s important to understand what your responsibilities are. As explained by Facebook, in most circumstances, Facebook is the data controller and you are the data processor. However, there are exceptions. A data controller has the responsibility to decide how and why the data is being collected, and to adopt GDPR-compliant policies that clearly state what the data is being used for, how long it will be retained, and how users can view and manage the data that has been collected from them. The data processor processes the data that is collected by the controller. The circumstances in which Facebook becomes the data processor for you include when it uses your CRM data to create a custom audience for your advertising campaigns; when you use measurement and analytics tools, including insights as to who saw and interacted with your ads; and when you use Facebook’s Workplace tools, which allow company collaboration on the platform and require Facebook to process personal data to perform this service.
Consent before cookies.
You cannot gather data for ad targeting or measurement through the placement of pixels, or “cookies,” from your ad account on any other site without Facebook’s permission. Further, if you have these pixels on other sites, you must inform users that you are collecting this information and provide a link detailing how users can opt out of this collection of information.
What is your complaint protocol?
Are you prepared for a complaint regarding the way your business collects, processes and stores personal data? If not, then it’s time to develop your complaint protocol. According to Facebook’s new policies, you are required to report complaints from users — both direct and “threatened” complaints — to Facebook as soon as said complaint is issued, and to cooperate fully with Facebook in the response to it.
Keep your analytics under wraps.
Facebook offers powerful campaign reports and analytic tools for your business to use in measuring the progress of your marketing on its platform. However, it is important to be aware that Facebook’s new GDPR policy prevents you from sharing these reports with the public. In addition, you must not share even the anonymized or aggregated data with third parties unless you receive permission from Facebook to do so.
Get verified.
According to Facebook’s new policy and in an attempt to reduce the number of “fake” accounts on the social media platform, if you run a business page with a large number of followers, you will be required to verify your identity and the identities of others who administer your page. Those who do not pass the verification process will no longer be allowed to post.
These are just a few of the items you need to address to ensure your company’s compliance with both Facebook’s new policies and the GDPR itself.