GDPR and Facebook

How GDPR Will Affect Your Interactions with Facebook

Facebook is the perfect marketplace to enable small businesses to interact with their customers and target new ones. Unfortunately, this usually necessitates the sharing of information, and if this is personal data related to European citizens then it falls under the remit of GDPR. In order to make sure your company is compliant with all aspects of GDPR it is essential to know who is responsible for that data, and this means identifying the data controller and data processor.

What is the Difference Between a Data Controller and Data Processor?

A data controller is a person or company that determines what data will be retained and how it will be processed. The data processor can be a separate entity that processes the data on behalf of the data controller. It is the data controller that will be largely governed by the GDPR rules, and they are the ones that have to be sure that they have a legal basis for collecting any personal information. This includes having valid GDPR-compliant consent, a contractual necessity for holding the data, and a legitimate interest in it.

During your interactions with Facebook, it is important to know whether you or Facebook are the data controller so that it is clear who will be responsible for the legal implications. Facebook themselves are currently making all their processes fully GDPR compliant, so it is up to you to make sure your company is also compliant for the occasions when it will be required.

In most cases, Facebook will be acting as the data controller, for example when an interaction is taking place within Facebook itself or its own apps like Instagram, Oculus, or Whatsapp. In this case, Facebook and its partners will take all the responsibility for complying with GDPR, and all information concerning this will be available in their privacy policies.

However, there are situations where Facebook will be acting simply as a data processor for you, and in these cases, you will need to be aware of your responsibilities. This will arise when they are processing your data on your behalf, for example with Custom Audiences, Analytics for measurement, and Workplace Premium. In any situation where you send personal data to Facebook that they then process, you will be the data controller and must have a legal basis for holding whatever information you are sending.

Transfer of Data Outside the EU

As Facebook is an American company, any data you send to them may be transferred outside the European Union. This is generally prohibited by GDPR except in specific cases where there will be adequate levels of protection for the data sent, purely so that the rights of the European individuals will remain secure as far as the new regulations are concerned. Facebook, however, have a Privacy Shield certification which is one of the accreditations that GDPR accepts, meaning that any data you send to them will still be protected as strongly as those within the Union.

In summary, Facebook will make sure they are fully compliant with GDPR in the cases where they are the data controller, but when you send any data you hold on EU citizens to them for advertisement purposes or any other reason, it is up to you to make sure you are fully compliant yourself and have a legally valid reason for holding and processing sensitive information.

For more information about how Facebook is working towards being compliant with GDPR, this document explains their procedure along with some FAQs.

 

Do you have a general question about what we do? Here's how to get in touch...

Email

Drop us an email at [email protected]

Telephone

Call FREE 0800 634 92 96 or 01573 440355

Our normal office hours are:
Monday to Friday 8.30am – 5.30pm

Live Chat

Check the Live Chat tab at the bottom right of the page to see if we’re online right now.

Voicebank

Please use our Support service if you are a customer and you are experiencing issues with any of the services we directly provide for you, or if you would like to request updates, amendments, etc. We will get back to you as quickly as possible.

Email

Send an email to [email protected] and a support ticket will be automatically raised for you. You will be notified by email when we have responded to it.

Clicking the button below will open a new email for you, already addressed to [email protected].

Voicebank

Call our Support Voicebank on 0333 335 0056 and leave a message. Remember to leave your name, details of the issue you’re experiencing and the best way to reach you.

We’ll get back to you as soon as possible for any further info that we need to resolve your issue and to keep you updated on progress.

Please use our Support service if you are a customer and you are experiencing issues with any of the services we directly provide for you, or if you would like to request updates, amendments, etc. We will get back to you as quickly as possible.

Email

Send an email to [email protected] and a support ticket will be automatically raised for you. You will be notified by email when we have responded to it.

Clicking the button below will open a new email for you, already addressed to [email protected].

https://securecart.andwedothis.com/jumpstart/