Social media and GDPR – What does it mean for us?

7th of June 2018 Article by Laura Napper
Laura Napper, managing director of Twilight Cleaning and Facilities Management, continues her series of exclusive blogs about social media for the ECJ website. Here she talks about social media and GDPR.

You'll have seen the many and varied emails from suppliers, vendors and partners, urging you to ensure you remain on their mailing list. Does it really affect us? The easy answer is YES it really does. But no need to close your social media account.

The recent GDPR law, which came into effect on May 25, applies to all member states of the EU. It is potentially the most important change in data privacy regulation we've seen and it applies to any company that does business in Europe. And the fines for non-compliance are huge: up to €20 million or four per cent of your total worldwide annual turnover of the previous financial year, whichever is higher.

So, how do we ensure that this is taken seriously with social media? For starters, a small caveat - I'm not a lawyer, but understand the following pointers are sufficient. This is taken from my personal research - if in any doubt, check with your legal department.

Firstly: try not to panic! For the main part, so-called organic social media is not affected. Posting content and engaging followers doesn't collect unsolicited data from people so isn't really part of the new legislation.

Secondly: make sure any social media data you do have, ie, contact details for any followers, is used diligently. Don't be tempted to email them all with an unsolicited message!

Third, it is assumed that followers on a social media account such as Twitter etc, have already signed up to the privacy policy of the media organisation. They are already proactively engaging with you, so it is not deemed necessary to send out a tweet or message asking everyone to ensure they want to stay. (However for the cautious organisation this can be an option, but be prepared for a drop in numbers!)

Fourth, and a vital point to make here: if you have added your social media followers to an internal CRM system, you must make each of those people aware. This could be via a privacy notice for example. You can't assume that anyone is happy to have their details held in this way anymore.

Paid social media ads are a different beast - you may want to check the terms and conditions directly with whatever system you use, such as Facebook pixel. As a rule, you must be aware of the following:

• Your customers must be given a free and genuine choice to accept or reject (and be allowed to easily withdraw their consent).

• You have to state what data will be collected and how it will be used.

• The request for consent has to be in a clear and plain language.

• Inactivity also doesn't constitute consent. Your customers have to take an action. (For example, pre-ticked boxes for consent are not allowed.)

Facebook and LinkedIn have specific GDPR sections for you to customise text and add your privacy policy.

There are of course benefits to the new legislation - your customers are proactively engaged enough to want to be on your marketing lists, so they are going to be interested in what you have to say! Relax and enjoy your social media, and most importantly, keep it social.

Any comments, questions, etc, I'd be happy to hear them over on Twitter at @tenterdentwcc or @tenterdensloos or email me at

