GDPR is something every business with an interest in European audiences need to adapt for – including the likes of Google and Facebook. The question for advertisers is: how will this affect the way they use platforms like Facebook advertising after May 25th when GDPR comes into effect?

The good news is that, in most cases, little should change about the way you use AdWords, Facebook advertising and other PPC platforms. However, there are some instances where you need to need to make sure the data you provide companies like Facebook complies with GDPR.


Facebook tells businesses what to look out for

You can read Facebook’s take on GDPR here, but it’s mostly about how seriously the company takes security, privacy and all the usual corporate talk you expect from data moguls. More interesting is the section called “What this means for businesses”, where Facebook points out instances where business owners and advertisers need to make sure the data they provide Facebook is GDPR compliant.

Again, most of your advertising activities on Facebook and AdWords will remain the same because it’s their responsibilities to make sure they comply with GDPR. As Facebook says, “Businesses can continue to use Facebook platforms and solutions in the same way they do today.”

This is because, in most cases, Facebook serves as the data controller, which is responsible for making sure its data collection process is compliant with GDPR. For example, when you use location targeting on Facebook, you’re using data collected by the social network, not data you’ve collected yourself.

However, there are some instances when using Facebook advertising where you’ll be the data controller, making it your responsibility to be compliant with GDPR.


Times where you need to be GDPR compliant

In instances where Facebook acts as the data processor (processing data on your behalf), the responsibility of being GDPR compliant will fall on you. Here are three examples Facebook wants to point out to advertisers:


Custom Audiences: When we match your CRM data to our user database and create a Custom Audience for your advertising campaigns, we are the data processor.

Measurement and analytics: We process data on your behalf in order to measure the performance and reach of your ad campaigns and provide insights about the people who use your services, and report back to you.

Workplace: Workplace Premium offerings allow you to collaborate with your colleagues using Facebook’s tools. We process personal data as a data processor in order to provide this service to you.

Source: Facebook Business


With Custom Audiences, you’re providing Facebook with data which it uses to match with new potential customers. This is data you’ve collected and you need to make sure it’s GDPR compliant before you hand it over to Facebook – much in the same way you need to do with Customer Match in AdWords.

Any time you hand over email addresses or other personal data to an advertising platform like this, you need to make sure everything is in line with the GDPR regulations.

Next, we have one that’s going to catch out a lot of advertisers and marketers in general. When you use a tool like Facebook Analytics, this data is being processed on your behalf, which leaves the responsibility with you. So you need to make sure any data being processed is GDPR compliant and this includes all previous data used in your reports.

So, if you’re looking at reports from the previous year in any analytics tool, you need to make sure all of that historical data complies with GDPR.

Finally, Workplace is a collaboration tool rather than anything to do with Facebook advertising. However, GDPR also includes any data you collect from your employees and this counts for platforms like Workplace and other tools you’re using, so it’s worth mentioning all the same.


Are you ready for GDPR?

Once again, the good news is little will change regarding the way you advertise on Facebook, AdWords or other PPC platforms. However, it’s important to understand the instances where compliance obligations lie with you. For more info on GDPR, check out our guide on the regulations but make sure you get the necessary legal advice on this – don’t rely on third-party sources.