By now, you have probably heard about the General Data Protection Regulation (GDPR), the EU’s new regulation to enhance the protection of EU citizens’ personal data and increase organisations’ responsibility to manage their data in a transparent and secure way.
This new regulation does not only apply to organisations based in the EU, but also to all organisations that control or process data of EU citizens.
At Social Seeder, we are working hard to ensure that our own practices are GDPR compliant, and also to help our customers and partners understand what the GDPR means for their advocacy programmes and build processes that help them stay compliant.
In fact, there are plenty of ways in which an employee advocacy platform, like Social Seeder, can help you stay GDPR compliant. Here are four that we believe are very important:
- Setting up permission levels and ensuring ambassadors’ consent
- Allowing ambassadors to manage their email preferences and personal data
- Collecting only GDPR compliant data
- Working in a system with high-security measures
1. Setting up permission levels and ensuring ambassadors’ consent
Consent is one of the trickiest parts of the GDPR. It is not enough for users to give their consent; it has to be given explicitly. This means that it needs to be:
- Freely given
- An unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
At Social Seeder, we make sure that explicit consent is given before you can add any ambassador to the platform.
Two of the most common ways to acquire ambassadors through Social Seeder are Homebases and Recruitment Boxes. In each of these tools, you’ll be able to provide proper notice to your potential ambassadors before they provide any information to you, and the platform will collect the necessary consent.
And there is more. At Social Seeder we use our own Privacy Policy to ensure you stay compliant. However, on top of that, you can link it to your own notice provisions. It is as easy as sending us your Privacy and Terms and conditions documents and we’ll add them to your forms.
Every time an ambassador submits her information, the platform will store a copy of the notice provided, information about the type of consent, and a timestamp of the interaction.
Additionally, a hallmark feature of GDPR is giving users the right to change their mind about consent at any time. With Social Seeder, ambassadors can decide to revoke this consent; the amount of data shared is at their discretion, and we make these data-sharing options explicitly clear.
2. Allowing ambassadors to manage their email preferences and personal data
Allowing ambassadors to manage their email and notification preferences is a win-win situation. This way, they get information that is more relevant and interesting to them, and organisations get a more satisfied, engaged, and receptive audience. This not only ensures organisations stay GDPR compliant but also helps improve open rates, deliver more precise messaging, and refine segments.
With Social Seeder, ambassadors can manage their email and mobile notification (coming soon) preferences very easily.
The same happens with personal data. GDPR gives users the right to access, modify or delete their data at any given time. And not only that. In many cases, you’ll need to respond to these requests within 30 days.
Through Social Seeder, ambassadors can easily access their personal data (name, last name, email, details) at any time. Additionally, we have put in place special policies so that you can easily request the deletion or portability of ambassadors’ data.
3. Collecting only GDPR compliant data
It can be tempting to find out as much as possible about a user, and marketeers often end up collecting too much data.
From now on, you should be very careful with this. GDPR establishes that organisations can only ask for data they really need. For example, as interesting as it can be, you cannot ask your ambassadors about their income levels if you don’t need that information for something specific.
On the bright side, maintaining a clean and compliant database can also bring some benefits, such as faster and easier search and performance, or clearer analytics.
Having all the data from your ambassadors on a single platform, you can easily analyse this data for GDPR compliance. Within Social Seeder, it is very easy to review the information you collect and decide whether or not it meets GDPR standards.
4. Working in a system with high-security measures
Finally, the GDPR requires a bunch of data protection measures: from encryption at rest and in transit to access controls to data pseudonymisation and anonymisation.
At Social Seeder, we have strengthened (even more) all our security controls. Besides following all the standard measures, we are going the extra mile to ensure our clients’ and their ambassadors’ data is as safe as possible. This includes:
- Improving our systems for authentication and authorisation.
- Auditing to better protect our customers’ data.
- Regular penetration testing with specialised security firms to make sure the platform is completely secure.
- Secure data breach policy and protocols.
- Use of servers based in the EU exclusively.
GDPR can be overwhelming, but it is also a huge opportunity for all of us. It will protect users and provide organisations with the necessary guidelines to follow. We believe it is an important chance to start thinking differently and move away from intrusive outbound means of communication to a more human and personalised approach.
At Social Seeder, we are fully committed to enhancing our platform to enable easier compliance with the GDPR.
About Social Seeder
We are an employee advocacy and social media engagement solution that gives your employees and fans a simple way to amplify your brand’s reach by sharing your stories across their social networks.