GDPR and Digital Marketing

A guide to help Canadian companies ensure that their digital marketing activities on channels such Facebook, Twitter and Google are legally compliant with GDPR.

The beauty and power of social media marketing as a business tool is in the name, it’s social. It is based on the connections and relationships that exist between people and communities, and these connections are based on individuals. The ability to identify and target advertising on social media with such precision based on, say, their characteristics, their connections, or their activity, is what makes this method of advertising extremely powerful. In fact, major platforms such as Google, Facebook, Twitter and LinkedIn are continually investing in their ability to target consumers and businesses with increasing efficiency.

It also means that inherent within it is the fact that data collected for the purposes of social media marketing is very often personal data in that it relates to identifiable living individuals. As such you have to ensure that you comply with GDPR in relation to any personal data collected and used by you for the purposes of such marketing.

Often social media marketing is used for what is referred to as lead generation, i.e. it is used to capture the identity and contact details of potential leads for a business. This is an established and effective form of direct response marketing but, again, inherent within it is the fact that in doing so the personal data of idenfitifable individuals is being collected; and this brings the activity within the scope of the GDPR.

Another feature of social media marketing is the use of what is known as lookalike audiences, whereby details of existing contacts of a business can be uploaded to social media in order to allow that platform to identify other audiences that look like that existing list. In this case, it is important to be clear that the data being uploaded for that purposes is very likely the personal data of the individuals concerned. If those individuals are located in the EU it would be essential to ensure that any use made of that data is compliant with GDPR.

Your obligations if you are marketing to EU citizens

If your business is based in Canada or anywhere outside of the EU and you are collecting data on individuals in the EU as part of your social media marketing, you need to ensure that any transfer of that data outside of the EU to your business is GDPR compliant. The GDPR prohibits transfers of data outside of the EU unless appropriate safeguards are in place to protect that data and ensures that it will continue to be subject to the GDPR or equivalent levels of data protection safeguards after the transfer.  In particular, if your business is located outside of the EU without a physical establishment in the EU and you are processing data on people in the EU, then you will need to ensure that you have appointed a representative in the EU pursuant to Article 27 of the GDPR before any data on anyone in the EU is collected and transferred by you.

Useful Links

GDPR symbol surrounded by stars

Schedule a Call With Us Today

If you process data on EU or UK data subjects and appreciate that compliance with the GDPR is essential for risk management, data-security and customer-confidence in your international business and you feel that you are a good fit for our EU representative services please click the button below to schedule a free call with us today. Assigning an EU or UK representative for your business is a straightforward process and we’ll be happy to talk you through it.

During the call we’ll answer any questions you may have and we’ll go through our service in full detail so that you have a complete understanding of our solution and how it can benefit your business. We look forward to speaking with you.