Fake news, tweaked news feeds and now GDPR, social media is set for a bumpy 2018.
In case you had not heard of one of the substantive changes to data legislations in history, the General Data Protection Regulation (GDPR) legislation will come into effect on May 25.
GDPR heralds a wave of changing to existing data regulations and it applies to any company or project working with EU citizens or entities.
If your company has even just one European client out of 1 million, if your data passes through European servers, even if it’s just 1% of your traffic, or if you have a mere smattering of EU based followers on your Facebook page, you are still liable under GDPR.
GDPR is the brainchild of the European Commission and is designed to protect the data privacy of EU citizens.
Despite its adoption two years ago, the majority of companies affected by GDPR have thus far failed to prepare for implementation.
Taking into account the rapid growth of internet services consumption and total internet penetration in EU countries, GDPR was just a matter of time.
Nowadays there are numerous online services, databases, media portals, websites, online stores and more, which all collect, store and process your personal data, sometimes even selling it to third parties.
GDPR aims to be a safeguard against illegality and exploitation, and as it will cover all forms of online interactions social media will be affected too.
You (don’t) gotta fight for your right to data
If you only venture onto social media as an individual user then do not worry, you do not have to do anything about GDPR. However, if you want to enjoy the full benefits of GDPR, including the right to be forgotten, you would do well to study the legislation.
For example you want your personal data to be deleted, you should know that you need to contact the data controller directly who handles your personal information, and not any third-party processors.
A data controller is an individual or entity that decides how data will be used and for what purpose.
Fail to prepare and you’re gonna fail
If you run a social media company, or run a company based on a social media site or page, GDPR heralds some important changes that are nonetheless relatively simple to adapt to.
As collection and storage of personal data is performed by social media entities themselves, followers will need to provide explicit consent all data matters to comply with GDPR.
Also, if a company that uses social media transfers the personal data of their followers from social media to third-party processors, then such transfers should be covered by personal data-protection clauses (PDP), designated in GDPR, and potentially other auxiliaries such as trans-border transfer agreements, separate explicit consents within social media account etc.
Make sure you cover all your bases
For large enterprises like Facebook, there are a lot of procedures and control mechanisms to implement.
The first and most important is the adoption of explicit consent for each user, meaning that everybody who provides a social media platform with their personal data should be warned that this data could be processed etc., and that they agree to each procedure that you intend to perform separately.
For example, this could be a list of procedures that will be done with your data and one tick-box on the bottom, but a tick-box for each particular procedure (this is being called an explicit consent).
Adapt now, thrive later
GDPR is important and will likely change a lot about how we operate on social media, whether or not you are an individual user, a social media employee, or a business owner dependent on social media.
While some of the changes may be difficult, overall GDPR stands to benefits everyone affected. Understand the regulations and adapt to them quickly and you will doubtless thrive under the new conditions.
By Andrew Sweeney