If you are a start-up, you will probably end up starting your marketing efforts with social media platforms like Facebook, Instagram or LinkedIn. This is because of the simplicity and pricing of these platforms.
The General Data Protection Regulation (GDPR) has changed how these platforms can be leveraged by companies to drive their marketing efforts. To know more about what concrete steps to take, read here.
To make it easy for you, we are sketching out 5 simple steps for start-up, social media marketers that if you keep in mind, you will ensure GDPR compliance.
Step 1: List your Social-Media Activities
If you are a start-up, your first step towards social media marketing would be making a Facebook page or LinkedIn page of your company and later with activities like advertising. So, creating a list of all these activities and the corresponding data (if any) that you collect should be quite straightforward.
Step 2: Justifying These Activities
While using Facebook or other platforms for the purposes of branding, make sure the platform is compliant with the GDPR. Each processing activity should have a legal basis. Is it a contractual necessity, or are you taking explicit consent for it? You can read up on these terms if you don’t already know them. These two would form the basis for most of your activities on social media.
Step 3: Check If You’re Exporting Information
If you are using Facebook or LinkedIn to search for people, you are good to go. However, once you start storing the names or any other Personally Identifiable Information (PII) from these platforms into your own Excel sheets or Customer Relationship Management (CRM) software, then you need to take consent for this specific activity. PII could be any information that allows you to identify the individual. So, make sure you take consent and inform the person what you will do with their data before you collect and store it.
Step 4: Advertising Requires Consent Too!
If you start using any social media platforms’ advertising services, you will, for sure, need consent. Some platforms will allow you to take this consent in an electronic format. In case the leads generated are from a platform that does not give you this option, you need approval from people before collecting their email addresses or names. The check-box at the bottom for this kind of advertising is the magical solution.
Step 5: Develop a Standard, Long-Term Strategy For Retention And Deletion
As a start-up, you will be doing a lot of A/B Testing. Plus, you will use some hacks as well. The important thing you need to do is to test how often people get back to you and after how long. You also need to assess how long you must keep the data in your database or records & develop your deletion strategy and timeline. It would be even better to inform your data subjects, i.e. your users/consumers/customers of this.
When planning a social media marketing activity, keep these five pointers in mind, and you will not go astray!
To be able to condense all the information for SaaS companies to be GDPR compliant here is a checklist of dos:
1. According to Article 5: Creating & agreeing with data protection goals
2. Article 37: Appointing an internal DPO without conflicts of interest
4. Article 7: Adding “cookiebot.com” consent
6. Adding a feature This needs a little more details like:
- Article 15: User’s right to accessing all the data
- Article 16 & 17: Right to editing or modifying a feature, or to delete & forget. Providing automatic deleting or a timeline to delete user’s data.
- Article 18: Right to stopping automated profiling
- Article 21 & 22: Right of the objection of processing & profiling feature
7. Creating records of processing activities and maintaining it.
8. Asking third-party vendors to be compliant if you have any suppliers or subcontractors.
9. Some technical measures for IT are:
- Adding anonymization, if the user is not using your system.
- Adding encryption to your systems
- Having the authentication mechanism to modify data
- Two-step authentication
- Focusing on data minimization
- Showing that the system has a strong backup
- Web Application Security such as TLS, SSL
- Europe or US Datacenters & its protection
- Encrypted passwords for all the systems
- Protecting internal hard drive or cloud drive.
10. There are also some organizational measures, as well:
- Educating the team about data & privacy protection
- Laptop, other devices & physical access to your office should also be well protected.
11. Sales & marketing measures include: Taking consent in all form & record it, informing customers about CRMS, automatic & analytics tool, having an opt-out button always.
12. “As a SaaS vendor, you must provide the data processing agreement on your customer’s behalf & promise the technical measures to that, for which Ecomply.io can also help you.”
13. Having a different level of controls in HR so that nobody has access to all the system.
GDPR Compliance with Ecomply
You can also leverage GDPR compliance to brand yourself as a company who deals with your data responsibly. ECOMPLY.io allows you to show your compliant status in the form of a badge. Once you go through the first eight steps in the app successfully, you will get a badge to put on your website. This shows your customers that you care about their privacy and have made tangible efforts to keep their data secure. It can increase your users as well as website visitors by 62%. Moreover, it increases the trust consumers have in you, making them more loyal to your service/product.
To learn more about how you can earn this badge, sign up for a free trial to experience GDPR compliance as a marketing tool and to get more trust from your leads!