With May 25th approaching many businesses are trying to get ready for the new regulation changes imposed by the GDPR. Others are just realizing how this new legislation is going to impact their business.

What is GDPR?

The General Data Protection Regulation (GDPR) is a Regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It imposes strict new rules on controlling and processing personally identifiable information.

What’s different compared to the current legislation?

There are several key changes which include strengthened conditions of consent, which must be given in an intelligible and easily accessible form, the right of the data subject to have their personal data erased, and established elaborate internal requirements for processing and holding personal data by distinguishing the roles of data controller vs. data processor.

But the most important of all, or at least the one that grabbed everyone’s attention, is the penalty. Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater)! Yep!

Does GDPR affect your business if it is based outside of the EU?

The answer is simple – if you are holding and processing EU resident’s personal data, then you are directly impacted by the GDPR.

How is your Facebook Marketing affected?

1. Collecting user data using a Facebook pixel

   If you are using a Facebook Pixel on your website you will have obligations under the GDPR. According to the Guide to Consent, you need to ensure “a relevant legal basis (for example, consent, contractual necessity or legitimate interests)” for your use of consumer data. In simple words you will need to notify your website users that you are collecting their data and provide information on how and why you are using it.

2. Using Custom audiences for your targeting

   If you are using ad sets with custom audiences, you, as a data controller, are responsible for informing this audience that their personal data is being processed.

   Facebook is in the process of developing a Custom Audiences permission tool that will require confirmation that the third-party data in a Custom Audience has been responsibly sourced.

3. Lead Ads

   According to Facebook, “in the case of lead ads, both Facebook and the business are data controllers, thus, both parties are responsible for ensuring compliance.” This means that both you and Facebook need to let your prospects know that you’re processing their data.

   Facebook is, however, for once making your advertiser life easier by providing an option to link your lead ad to your privacy policy, allowing you to collect consent in real time.

   Facebook is, however, for once making your advertiser life easier by providing an option to link your lead ad to your privacy policy, allowing you to collect consent in real time.

Having questions about your hotel digital marketing? Contact us for a free consultation!