What is GDPR? Its effect on Facebook and LinkedIn

Picture of Richard LeCount

by Richard LeCount

The punishment for failing to comply with the EU’s General Data Protection Regulation is a steep one:


With such a considerable sanction for failing to comply with GDPR, it’s surprising that companies are still falling foul of the guidelines; in fact, it’s thought that a third of European businesses are still not GDPR compliant as of July 2019.

However, even though businesses are having to change the way they market to their customers. There are many benefits for both organizations and the general public.

In this blog, we’ll be covering some of those benefits, and how you may need to change  your social media marketing strategy on Facebook and LinkedIn to stay in line with GDPR.

What is GDPR?

The General Data Protection Regulation is a data privacy regulation designed to give EU citizens greater control of how and when their personal data is collected and shared.

This, therefore, impacts how organizations can prospect for clients and utilize their information, and social media is no different.

This law applies to any company in the world if they deal with the personal data of any EU resident. In case you operate your business on the other side of the globe to the EU, you will still be liable to the laws of GDPR. Furthermore, even if one of your customers resides within any country in the EU.

Why GDPR Benefits Businesses

As a business owner, you should by now have comprehended details of GDPR, and it does require a good deal of effort to ensure you’re fully compliant.

Nevertheless, there are a few vital upsides for your business:

  • Inspires Confidence: If potential and current customers know that their data is being handled with the utmost care, it encourages a greater trust in your organization.
  • Marketing to an Engaged Audience: You’ll be marketing to people interested in receiving your promotional materials and have explicitly chosen to hear what you have to say.
  • Improved User Experience: With tighter regulations around how personal data is used in marketing and advertising, companies need to be more creative in the manner they do their marketing, which will only improve the experience of the end-user.

How GDPR protects consumers


Aside from boosting your business, GDPR offers advantages for your customers too, such as:

  • Increased Privacy: Organisations are now only permitted to capture and process personal data for a specific purpose, which needs to be communicated to the individual, and measures need to be taken to safeguard this data.
  • More Authority Over Personal Data: In a time when tech giants like Google and Facebook are frequently found to be mishandling data, individuals must have greater control over who owns and processes their data.
  • Greater Control Over Their Internet Experience: Consumers are now able to decide straight away whether they wish to receive marketing emails from businesses or whether they are happy for their behavior to be tracked for advertising and analytical purposes.

The example below from Experian, is a good example of a cookie privacy policy, and you are able to tailor each section to suit your preference.


Organic Social Marketing

Organic social marketing on Facebook is undoubtedly a large portion of your social marketing program. With its increasing inefficiency- the paid-ad era-marketers have included lot of facebook marketing tools in their plan.

The good news here is that undertaking organic social media marketing is mostly free of GDPR. This is because most organic activity on social media, such as uploading content and engaging with followers, does not require the collection of personal data.

But, there are a few things you’ll need to keep in mind:

  • Scraping tools that export contact and personal information should not be used since this classed as personal data without obtaining consent.
  • If you’re running a social ad agency, there are several things you need to be aware of, such as using Facebook Pixels and Custom Audiences, which we’ve covered in more detail below.

Paid Social Marketing

If you wish to use your customers’ data to track their behavioral patterns for advertising purposes, then it’s crucial to ensure you have the legal right to do so. This means that you have to obtain opt-in consent from your customers.

Below, we’ve outlined a few key points you’ll need to keep in mind:

  • Your customers need to be given a choice to accept or reject the opt-in, which they should be allowed to withdraw from at any stage.
  • You need to expressly state what data you’ll be collecting and how you intend to use it.
  • Your consent request needs to be in plain language with no ambiguity.

Tip: Since the methods for obtaining consent can be a little complex, referring directly to the regulation is the best course of action if you are unsure.

How Facebook Advertising Has Changed Since GDPR


Facebook Pixel – If you’re advertising on Facebook and not using a Facebook pixel on your website, then you’re missing out on giving your audience a better experience and the chance to target more relevant ads towards them.

That said, GDPR impacts your Facebook pixel, and if you’re using one, you must comply with GDPR, and you must get consent from your prospects in the following scenarios:

  • If you run a retail website that utilizes cookies to gather data about the products a consumer views on your site, which is used for re-targeting campaigns. 
  • If your blog gathers analytical data through a third party, which collects and uses cookies according to demographic data on your readers, then you will require consent.
  • If you run a news website that uses a third-party ad server to display advertising and it collects cookies to understand who is viewing the ads.
  • If you’re advertising on Facebook using the Facebook pixel to measure conversions from ads or creating re-targeting campaigns through Facebook.

If you fall into any of the above categories and haven’t yet obtained consent, then you’ll need to do so by displaying a cookie banner when the page loads, which shows customers how to give their consent.

Alternatively, you could also obtain consent when they sign up for the offer. There are several free plugins and tools which pop up and allow users to accept or reject consent on your website.

Facebook Custom Audiences – Custom audiences are taken from your email list, and you can upload them to your Facebook ads so you can target them directly.

Uploading email lists or any kind of contact information into Facebook custom audiences means that you are the data controller. Being a data controller under GDPR means that you, once again, must ensure that your subscribers are given the option of consent before any ads are created.

If your email lists contain any of the following information:

  • LinkedIn contacts
  • Business card information
  • Purchased or scraped email lists
  • Third-party shared pixel information

Then you need to delete it because GDPR dictates that this information is unusable unless they have explicitly given consent to be marketed to.

Also, it’s essential that you consistently update your custom audience lists to ensure that you’re removing those who have opted out of your list, or they have since withdrawn consent.

How LinkedIn Advertising Has Changed Since GDPR


For B2B marketing professionals, LinkedIn offers a powerful platform for the promotion of products and services to an audience of over 660 million.

LinkedIn has a couple of essential statements in regards to GDPR. Still, the biggest is that any data you upload into it must have been acquired with the right consent, and the responsibility for ensuring this data GDPR certified falls to the company who are undertaking the campaign.

Similar to Facebook, uploaded data is used when creating Matched Audiences for an InMail or Sponsored Content campaign.

LinkedIn has handed its users the power to tweak advertising settings, which allows all members to opt-out of their information being used in ad targeting.

This includes job title, job function, seniority, skill sets, etc., all of which lay the groundwork of any sponsored campaign.

LinkedIn, just like any other social media platform, is the data controller.

However, this doesn’t mean you don’t have your responsibility as a marketer, though.

As soon as you begin to collect data through LinkedIn, ownership transfers to you, and you become the data processor. Which means you need to gain consent to use the data you’ve collected.

Obtaining Campaign Data from LinkedInIf you’re using Matched Audiences in paid-for campaigns on LinkedIn, you hold the responsibility as the advertiser to ensure the data is GDPR compliant. 

In the case of Sponsored InMail, advertisers don’t need to take any further action unless they’re uploading a list from their own CRM.

The same applies to lead generation forms – you won’t need to do anything here since LinkedIn will manage the GDPR compliance when it comes to ad targeting and tracking. 

However, the Privacy Policy statement is much stricter, so you will need to be very clear on what your privacy policy is and how you will be using the data you obtain.

Extracting Campaign Data for External Advertising from LinkedInLinkedIn has now limited the storage of email addresses that you’ll be able to store in campaign manager to 90 days if they aren’t being used.

Lead generation forms are also deleted after 90 days, and members will be able to revoke permission during this period.

If you’re thinking of scraping email data from LinkedIn, then think again. There’s no point in gathering email from LinkedIn this way, with the purpose of marketing to them, as you have no consensual grounds to do so.


With such a hefty penalty for failing to comply with GDPR, it’s certainly not worth ignoring it and hoping it won’t apply to you, because as long as you’re marketing to EU citizens, it certainly does apply to you. 

So, if you haven’t already, it’s definitely time to access all of your marketing activities to ensure you’re operating on the right side of the line.

Picture of Richard LeCount

Richard LeCount

This article was written by Richard LeCount - the DPO and managing director of usbmakers, a company specializing in top of the line USBs and power banks.

Be A More Productive Social Media Marketer

Start Your Free Trial

*14-day free, no credit card required

Request Demo