5 Things Facebook Advertiser Must Do to Become GDPR - Compliant

You’re a marketer.

You use Facebook ads to grow your business.

You’ve also likely heard of the General Data Protection Regulation (GDPR), and are probably freaking out about how it’ll affect you, your business… and your Facebook Ads account.

Wondering what exactly IS the GDPR, and whom does it affect?

Now that it's implemented, here's what it is all about in a nutshell - 

"Legislation brought into effect for the strengthening and unification of data protection laws for everyone residing within the *European Union*."

So if you have anyone from the European Union in your database, then they have certain rights under the GDPR:

  • The Right to Be Informed – People protected under GDPR have the right to be told how their data is to be used. Anything that happens to the data must be disclosed to them.
  • The Right to Object – Under GDPR, people must explicitly give consent before any data is to be used. And this consent can be withdrawn as easily as it is given.
  • The Right to Data Portability – If anyone under GDPR needs to see the information that an organization has on them, they must have an option to see their data.
  • The Right to Rectification – Any information on people protected by GDPR must be able to be edited when it is required by the person in question.
  • The Right to Be Forgotten – Lastly, information on people protected by GDPR must also be deleted when required by said people. There are some exceptions to this, like laws that require data to be kept in the case of accounting and bookkeeping, but generally speaking, if someone requests the deletion of his or her information, it should be done.

If you have European clients, buckle up!

For Facebook Advertiser Must Do to Become GDPR-Compliant

  1. Update Your Privacy Policy
    Let your customers know how and why you are using their data. Make sure to have your privacy policy on every landing page you have! 
  2. Use a Cookie Notification Bar When Using the Facebook Pixel
    You should display a prominent message when a page loads for the first time, informing your users what actions they can take to consent to your using of cookies
  3. Explicit Consent from Everyone Included in Your Custom Audiences
    Make sure you that your custom audiences are always up-to-date. As you cannot use your email list to create custom audiences without the explicit consent given to you by those people.
  4. Remove People from Your Custom Audiences When They Remove Consent
    What happens when people unsubscribe from your email list? They’re literally removing their consent– they’re saying “I no longer want to be included in this.” So marketers also need to ensure to remove those people from their custom audiences who have unsubscribed from their email list.
  5. Don’t Share Personal Data with Tools That Aren’t GDPR-Compliant
    If you are collecting any sort of personal data, and you run it through a platform or system that isn’t GDPR-compliant, then you aren’t GDPR-compliant either. Be careful!

What’s really important here is understanding how privacy and the laws surrounding it can really affect your business.