With all the recent talk about GDPR, business owners all over the world are concerned with the impact it might have on their business.
Although it’s a European law, it doesn’t affect just companies based in Europe. If you’re in the US, you might think this doesn’t concern you…
And you couldn’t be more wrong. In fact, GDPR applies to ALL companies who are collecting data from European citizens.
Not to mention that the fines for breaching it are astronomical.
They amount to up to €10 million, or 2% of the worldwide annual revenue for the previous financial year, whichever is higher.
Hence, GDPR isn’t something you can take lightly. You can’t afford to overlook it, or you might put yourself out of business. For good.
One of the areas where you need to be GDPR compliant is Facebook advertising. I’m sure you’re aware of Facebook’s data-breach scandals…
Since the same rules apply to both Facebook and your business, you need to be careful how you advertise on the platform moving forward.
That’s what we’ll be focusing on in this article. We’ll take a closer look at how GDPR directly impacts the way you create Facebook audiences, store and use data, and target potential customers.
But first, let’s take a look at what exactly GDPR is.
What Is GDPR?
GDPR stands for General Data Protection Regulation.
It’s a regulation in EU law regarding data protection and data privacy.
Obviously, it affects all EU based companies. However, like I mentioned, it also impacts everyone who “offers goods or services to, or monitors the behavior of, EU data subjects”.
The aim of GDPR is to give full control to EU citizens over their personal data.
It adds several protection layers to ensure that, when gathering and using personal data, businesses require the user’s explicit consent.
In that regard, businesses are forced to be completely transparent in how they acquire data, what data they collect, and what they do with it.
The regulation went into effect on May 28th this year. Since then, all businesses affected must be GDPR compliant.
GDPR is the EU’s way of giving individuals (prospects, customers, contractors, and employees) a lot more power over their personal data.
In fact, individuals under the GDPR have the following rights:
- The right to access – This gives individuals the right to access their data at all times. They can also ask how their data is used by the company after it has been gathered. The company must provide a copy of the personal data, free of charge and in electronic format if requested.
- The right to be forgotten – Consumers can, at any time, withdraw their consent or choose to stop being a customer. In both instances, they have the right to request the company deletes their data.
- The right to data portability – Individuals have a right to transfer their data from one service provider to another.
- The right to be informed – Individuals must be informed about any data a company is gathering, prior to it being gathered. They have to opt in for their data to be collected. Furthermore, consent must be explicit, rather than implied.
- The right to have information corrected – Individuals have the right to update their data, if it is outdated, incomplete, or incorrect.
- The right to restrict processing – Individuals can request that their data is not used for processing. Meaning you can have their data, but cannot use it.
- The right to object – Individuals have the right to stop the processing of their data for direct marketing. There are no exemptions to this rule. Any and all processing must stop as soon as the request is received. In addition, you’re obligated to inform individuals about this right.
- The right to be notified – If there has been a data breach involving someone’s personal data, they have the right to be informed about it. This must be done within 72 hours of realizing there has been a breach.
Facebook’s Response To GDPR
Unless you’ve just woken up from a coma, you’re probably aware of Facebook’s GDPR nightmares.
In response, Facebook’s been concentrating its efforts to ensure transparency and GDPR compliance.
The three key areas they have to work on are: transparency, control, and accountability.
It may sound a bit technical, but it’s actually fairly simple. Facebook will be making it a whole lot easier for everyone to see what FB knows about individuals, based on what they’re posting on their profiles.
Additionally, they will invest more effort to ensure that other parties, namely advertisers, handle data in compliance with GDPR.
Which means GDPR directly impacts you as an advertiser on the platform. And in more than one way…
In fact, you’ll have to do something similar to what Facebook is currently doing.
You’ll need to inform your prospects about the type of data you’re collecting. Also, they need to be aware of what you’re doing with that data, and who else will have access to it.
There’s no reason to be alarmed, if you’re only using standard options Facebook provides. Targeting people by interest won’t infringe on the GDPR.
However, this should concern you if you’re leveraging Facebook’s advanced targeting options. I’m mainly referring to Facebook Pixel and Custom Audiences.
In that case, you’ll need to ensure a “relevant legal basis” for use of customer data.
In practice, this means you need to acquire the consent of each and every person whose data you’re holding or using.
So, you might want to hold off from running Facebook ads for the time being. Until you ensure GDPR compliance, that is.
The reason is simple – every company is responsible for ensuring their own GDPR compliance. Ignorance won’t save you from the fines, and you won’t be able to put the blame on Facebook, either.
GDPR And Facebook Pixel
If you plan on using retargeting, Facebook Pixel will be a vital tool.
However, you might not be able to leverage your existing Pixel unless you’ve complied with GDPR when utilizing cookies.
How will you know if that’s the case? Well, Facebook’s created a handy Guide to Consent.
It’s lengthy, but you should definitely read through it. The Guide states instances in which you must obtain users’ consent.
I won’t go into too much detail here, since you can read all about it at the link above. However, I will give a few examples to illustrate what this means.
Say you want to use Facebook Pixel to measure conversions and/or retarget prospects based on their previous activity on your website. Since the Pixel relies on cookies, you’ll have to obtain the visitor’s consent in order to retarget them with a specific ad.
The same rule applies if you’re collecting visitors’ demographics on your blog, for example.
So, how do you get their consent?
Simple – through a cookie banner. Just like any banner on your website, it’s clearly visible on your page.
The difference from regular banners, however, is that it needs to be displayed on every page. It must be there when the page loads for the first time.
It also needs to clearly tell the visitor what data you’re collecting, how, and what you plan on using it for. Only if they click “OK” or “Accept” do you have their permission (consent) to use the data for intended purposes.
GDPR And Cookies
GDPR states that the fact alone that someone’s using a website doesn’t mean they agree to cookies. Prior to May 28th, only a small number of websites simply informed their visitors that they’re utilizing cookies. Now, this will no longer suffice.
For instance, visitors need to click through an opt-in box, or enable cookies from a settings menu.
There’s one thing to keep in mind here:
You must not have pre-checked boxes on your opt-in forms. The individuals need to willingly select the option themselves.
At the same time, you must, at all times, give them an opportunity to opt-out. Basically, prospects reserve the right to revoke their consent at any point in time, without listing the reason. You must enable them to do it just as easily as they consented.
For instance, if they enabled cookies from a settings menu, they need to be able to disable them as well.
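The consent rules described above (nothing loads before an explicit opt-in, a pre-checked box does not count, and withdrawal is as easy as granting), sketched as an added example that is not code from the original article or from Facebook. The function names, the `consent.v1` storage key and the in-memory storage are assumptions made for illustration; in a browser, `localStorage` would be passed in and the `start` callback would inject the tracking script.

```javascript
// Added example: consent gate for cookie-based trackers. All names are hypothetical.
function createConsentGate(storage) {
  const KEY = 'consent.v1';            // assumed storage key
  const trackers = new Map();          // purpose -> { start, stop, running }

  const read = () => JSON.parse(storage.getItem(KEY) || '{}');
  const granted = (purpose) => read()[purpose]?.granted === true;

  // Bring a tracker's running state in line with the stored decision.
  function sync(purpose) {
    const t = trackers.get(purpose);
    if (!t) return;
    if (granted(purpose) && !t.running) { t.start(); t.running = true; }
    if (!granted(purpose) && t.running) { t.stop(); t.running = false; }
  }

  function store(purpose, value) {
    const state = read();
    state[purpose] = { granted: value, at: new Date().toISOString() };
    storage.setItem(KEY, JSON.stringify(state));
    sync(purpose);
    return value;
  }

  return {
    // A tracker starts at registration only if consent is already on record.
    register(purpose, start, stop) {
      trackers.set(purpose, { start, stop, running: false });
      sync(purpose);
    },
    // A box ticked by default (no user interaction) is not consent: store nothing.
    record(purpose, checked, userInteracted) {
      if (!userInteracted) return false;
      return store(purpose, checked === true);
    },
    // Withdrawal is a single call, the same effort as granting.
    revoke: (purpose) => store(purpose, false),
    isGranted: granted,
    // Show the banner on every page until the visitor has made a choice.
    needsBanner: (purpose) => !(purpose in read()),
  };
}

// Constructed in-memory stand-in for localStorage so the example runs offline.
function memoryStorage() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => m.set(k, String(v)) };
}
```

Storing a timestamp with each decision also gives you a record of when consent was given or withdrawn.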
GDPR And Custom Audiences
Here’s where things get a bit more complicated. First, we need to understand the terms data controller and data processor.
A data controller handles personal data, whereas a data processor, as the name suggests, processes data for other controllers.
Now, why is this distinction important?
Well, with regard to the Facebook Pixel, Facebook is actually the data controller. This means it falls to Facebook to inform your visitors that their data is collected, processed, and used for retargeting purposes.
However, with Custom Audiences, the roles are swapped. Here, you are the controller and Facebook is merely a processor.
This implies that YOU are responsible for complying with GDPR when uploading Custom Audiences on Facebook.
Now, what does this entail?
Well, when using Custom Audiences for targeting, you will have to provide “proof” of consent.
It’s not yet clear what this proof will be, as Facebook is still working on this matter.
They’re in the process of developing a Custom Audiences permission tool. You’ll be required to use it, if you want to continue leveraging Custom Audiences.
For now, it’s best to act as if this option is currently disabled. Otherwise, you’ll be breaching the accords of the GDPR.
Interesting note: You’ll no longer be able to share Custom Audiences between business accounts.
So, What Happens To Custom Audiences You’ve Already Created?
The answer depends on how you’ve created them, regardless of what source you’ve used.
Whether you upload the custom audience from CRM data, newsletter subscribers, or a customer database…
If you haven’t acquired explicit consent from every single person on the list, stating that you have their permission to market to them, you’ll have to delete their information from the Ads Manager.
The same holds true for your email lists. Although it doesn’t necessarily mean deleting all of your contacts.
If they don’t, and you haven’t previously acquired their explicit consent, then you can no longer promote stuff to them.
I mean, technically you can, but you’re risking the astronomical GDPR fines I mentioned earlier.
Don’t forget, since GDPR is an EU regulation, this only applies to EU based subscribers.
What About Leads Ads?
Facebook Leads Ads are a powerful tool in every business’s arsenal.
They allow you to run ads with the purpose of acquiring new, qualified leads.
However, GDPR has made them slightly more complicated, as well.
How so? Well, they state that, in the case of Leads Ads, both Facebook and you are data controllers at the same time.
This translates to both of you being responsible for GDPR compliance.
So, to acquire leads with Facebook ads now means both you and Facebook have to inform the prospects about the acquiring and processing of their data.
However, Facebook has (thankfully) made this pretty straightforward for advertisers.
GDPR And Instagram
You must not forget the fact that Facebook owns Instagram.
All Instagram ads are run through Facebook Ads Manager. Hence, the same GDPR compliance rules apply to this platform.
However, this doesn’t entail taking extra steps to ensure compliance on this platform. It follows the exact same rules as Facebook at all times.
So, after you’ve ensured GDPR compliance on Facebook, you’re good to go on Instagram as well.
This is true for Messenger and WhatsApp, as well.
Final Thoughts
If you’re targeting people in the EU, or planning on doing so in the future…
Then ensuring your business is GDPR compliant in all areas is a must.
Although it’s not necessary for US-based customers, it certainly will help add a sense of security with regard to their privacy-related concerns.
This will help you avoid the scandals Facebook went through… And, once you’ve ensured GDPR compliance, you’ll be able to continue utilizing all the powerful targeting options Facebook has to offer.
Until then, if you want to run Facebook ad campaigns, it’s best to stick to their default settings.
So, get to work and make sure your business is fully GDPR compliant.
In the meantime, if you want to learn how to craft powerful Facebook Ad campaigns – the way 7-figure professional marketers do…
Then I invite you to join the Wealth Academy Facebook Ads Specialist Certification Program.
You’ll get a tested & proven formula for creating, setting up, and running wildly profitable Facebook advertising campaigns.
This will allow you to reliably generate new leads and customers through compelling Facebook ads, and as a result – maximize your revenue.
About The Author
Your Millionaire Mentor
Shaqir Hussyin is the founder and CEO of WealthAcademy.com & Funnels.com. Nicknamed the “Backpack Millionaire”, he’s invested $350,000 into his own education and training. Whilst traveling to 100+ countries, Shaqir has built over 10+ million dollar brands and attracted over 500,000+ subscribers.
His signature program is now available: Max Income System; 14 Simple Steps To Making Your First Income Online
Shaqir is also a highly sought-after speaker and direct response “Sales Funnels” global leader. Shaqir’s work has impacted over 100,000 businesses in 65 different countries. Connect with Shaqir on Instagram, YouTube, LinkedIn & FB Group.