Lead Gen Blog

GDPR and Facebook: all you need to know to keep advertising safely

By Luke Ramassa | 11th August 2018

If you are a seasoned marketer, there is a high probability you use Facebook ads to grow your business. To keep advertising safely on Facebook, you need to know all about GDPR and Facebook.

You are surely wondering what GDPR and Facebook have in common. Before we delve into that, let’s look at the meaning of GDPR.

GDPR (General Data Protection Regulation) is a European law that stipulates businesses should protect the personal data and privacy of EU residents for transactions that take place within the EU member states.

If you want to know more about GDPR in general, don’t miss our dummy guide on this topic here.

So, what do GDPR and Facebook have in common?

GDPR changes the rules for companies that collect, store or process data on EU residents. That includes Facebook, Google and other companies that use large amounts of data. It also involves companies that have a digital presence in the EU and companies around the world that use the personal data of people in the European Union.

Why is GDPR important?

GDPR helps to protect people’s privacy. Many people are concerned about their privacy and about losing important information. Research carried out on 7,500 consumers in France, Germany, Italy, the UK and the U.S. for the RSA Data Privacy & Security Report revealed that 80% of consumers said lost banking and financial data is a top concern, while lost security information such as passwords and identity information such as passports or driving licenses was cited as a concern by 75 percent of the respondents.

Types of data protected by GDPR


To comply with GDPR, you need to know the types of data affected. Below are seven specific types of data that need protection:

  • Identity information such as name, address, ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

So, how does this affect your company?

As a marketer, if you use, store, manage or analyze data of any kind, it means GDPR affects your company.

As an advertiser that uses Facebook, GDPR also affects you whether or not you do business in the EU. This is because if your website uses cookies, visitors from the EU can visit your pages and even opt into your newsletter. Below are the main implications of GDPR on Facebook ads:

  • Complying with GDPR on Facebook ads means you have to inform your subscribers how you will use their data.
  • Complying with GDPR on Facebook means that people must give their consent before you use their data. They are also free to withdraw their consent whenever they want.
  • Complying with GDPR on Facebook means it is mandatory for you to show your customers their information whenever they demand to see it.
  • Complying with GDPR on Facebook means users must be able to edit any information they want.
  • Complying with GDPR on Facebook means users must be able to delete their information whenever they want.

Let’s take a look at GDPR and Facebook products that the law affects:

1. GDPR and Facebook Pixel

As an advertiser on Facebook, you probably use Facebook pixels on your website to give your users a better experience and to know the people that use your services or products to show them relevant ads on Facebook.

The thing is, GDPR affects Facebook pixels. If you are using the Facebook pixel on your website, you are obliged to comply with GDPR. You can learn more about it here. You will see examples of cases where you will need to get the prospects’ consent. These include:

  • A retail website that uses cookies to collect information about the products people view on the site to target ads to people based on their activity on the site
  • A blog that uses an analytics provider who uses cookies to capture aggregate demographic info about its readers
  • A news media website that uses a third-party ad server to display ads, when the third party uses cookies to collect information about who views those ads
  • A Facebook advertiser who installs the Facebook or Atlas pixel on its website to measure ad conversions or retarget advertisements on Facebook

If you fall into any of the four categories above, you will need to obtain consent from your users. You can do this by showing a message when the page loads for the first time. This message, referred to as a “cookie banner”, tells users how to give their consent.

Secondly, you can also obtain consent when they are signing up for your offer. A free tool you can use is cookie consent notification. It will display consent notification for users to accept or reject on your webpage.
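The consent flow described above (banner on first load, no tracking until the visitor agrees, withdrawal at any time) can be enforced in code rather than left to the banner text. This is an added example, not code from the original post or from Facebook; the cookie name, the `jar` interface and the `loadPixel`/`unloadPixel` hooks are hypothetical.

```javascript
// Added example: consent gate for a tracking pixel. All names are hypothetical.
const CONSENT_COOKIE = "tracking_consent"; // hypothetical cookie name

// Returns "granted", "denied" or "unknown" (no valid choice recorded yet).
function readConsent(cookieString) {
  for (const part of cookieString.split(";")) {
    const [name, value] = part.trim().split("=");
    if (name === CONSENT_COOKIE && (value === "granted" || value === "denied")) {
      return value;
    }
  }
  return "unknown";
}

// jar: { get() -> "a=b; c=d", set(name, value) }, e.g. a wrapper over document.cookie.
// hooks: { loadPixel(), unloadPixel() } supplied by the site.
function createConsentGate(jar, hooks) {
  let loaded = false;
  const apply = () => {
    const state = readConsent(jar.get());
    if (state === "granted" && !loaded) { hooks.loadPixel(); loaded = true; }
    if (state !== "granted" && loaded) { hooks.unloadPixel(); loaded = false; }
    // The banner is shown only while the visitor has made no choice.
    return { state, pixelLoaded: loaded, showBanner: state === "unknown" };
  };
  const record = (choice) => { jar.set(CONSENT_COOKIE, choice); return apply(); };
  return {
    init: apply,                      // run on every page load, before any tracking
    accept: () => record("granted"),
    reject: () => record("denied"),
    withdraw: () => record("denied"), // consent can be withdrawn at any time
  };
}

// Constructed in-memory cookie jar so the example runs outside a browser.
function memoryJar(initial = {}) {
  const cookies = new Map(Object.entries(initial));
  return {
    get: () => [...cookies].map(([k, v]) => `${k}=${v}`).join("; "),
    set: (name, value) => { cookies.set(name, value); },
  };
}

function demoConsentFlow() {
  const calls = [];
  const hooks = { loadPixel: () => calls.push("load"), unloadPixel: () => calls.push("unload") };
  const gate = createConsentGate(memoryJar({ theme: "dark" }), hooks);
  return { first: gate.init(), accepted: gate.accept(), withdrawn: gate.withdraw(), calls };
}
```

An unrecognised cookie value is treated as "unknown", so a corrupted or tampered cookie shows the banner again instead of enabling tracking.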

The second thing you need to consider is GDPR and Facebook custom audiences.


2. GDPR and Facebook custom audiences

Custom audiences are audiences from your email list. You can upload the audiences to your Facebook ads to target them directly.

But wait! GDPR affects Facebook custom audiences too.

Uploading an email list or contact information into a Facebook custom audience makes you a data controller. GDPR stipulates that as a data controller, you must ensure that your subscribers give their consent before you can market to them. If you have email lists from LinkedIn contacts, email addresses from business cards, purchased or scraped email lists, or shared pixel information from other parties without users’ consent, you need to delete the information from your Facebook ad account. You cannot market to them according to the GDPR law. You are only allowed to market to users who have given you their consent.

Also, on the path of compliance, you must ensure that your custom audience lists are continuously updated so you can weed out those subscribers who have opted out of your list. This means they have withdrawn their consent from your marketing list.
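Keeping a custom audience in line with consent comes down to comparing what is currently uploaded against the latest consent record for each address. The sketch below is an added example, not code from the original post; the record fields (`email`, `type`, `at`), the source labels and the sample data are constructed for illustration.

```javascript
// Added example: plan a custom-audience update from consent records.
// Field names and sample data are constructed for illustration.
const normalize = (email) => email.trim().toLowerCase();

// Map each address to its most recent consent event ("opt_in" or "opt_out").
function latestConsent(events) {
  const latest = new Map();
  for (const ev of events) {
    const key = normalize(ev.email);
    const prev = latest.get(key);
    if (!prev || Date.parse(ev.at) > Date.parse(prev.at)) latest.set(key, ev);
  }
  return latest;
}

function planAudienceSync(contacts, events, uploaded) {
  const latest = latestConsent(events);
  const allowed = new Set();
  for (const contact of contacts) {
    const key = normalize(contact.email);
    const ev = latest.get(key);
    // No consent on record, or consent withdrawn: keep out of the audience.
    if (ev && ev.type === "opt_in") allowed.add(key);
  }
  const current = new Set(uploaded.map(normalize));
  return {
    audience: [...allowed].sort(),
    add: [...allowed].filter((e) => !current.has(e)).sort(),
    remove: [...current].filter((e) => !allowed.has(e)).sort(), // delete from the ad account
  };
}

function demoAudienceSync() {
  const contacts = [
    { email: "Anna@example.com", source: "newsletter" },
    { email: "ben@example.com", source: "newsletter" },
    { email: "carl@example.com", source: "business_card" },
    { email: "dana@example.com", source: "purchased" },
  ];
  const events = [
    { email: "anna@example.com", type: "opt_in", at: "2018-05-01T09:00:00Z" },
    { email: "ben@example.com", type: "opt_in", at: "2018-05-02T09:00:00Z" },
    { email: "ben@example.com", type: "opt_out", at: "2018-07-15T12:00:00Z" },
    { email: "carl@example.com", type: "opt_in", at: "2018-06-10T08:30:00Z" },
  ];
  const uploaded = ["anna@example.com", "ben@example.com", "dana@example.com"];
  return planAudienceSync(contacts, events, uploaded);
}
```

The `remove` list covers both cases the text names: subscribers who opted out after being uploaded, and addresses that were uploaded without any consent on record.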

The third thing to consider is GDPR and Facebook lookalike audiences.

3. GDPR and Facebook Lookalike Audiences

Luckily, GDPR does not affect Facebook lookalike audiences.


Do you know why?

The reason is that a lookalike audience uses a “seed” audience drawn from one of your custom audiences to search for new people to add to the lookalike audience. You don’t need their permission to show your ads to them. However, to be more careful about GDPR and Facebook lookalike audiences, you should update your privacy policy.

This means you need to inform your audiences about how you intend to use their data. Insert your privacy policy on your landing pages. The point here is to be transparent about how you use the data.

You can consult your lawyer to help you draft a suitable privacy policy that will ensure you use GDPR and Facebook lookalike audience with consent.

You also need to add a link to your privacy policy on every page of your website; this includes pages with email opt-ins. For instance, if you are driving traffic from a Facebook ad to a lead magnet, ensure that the page has a cookie consent banner, an email opt-in that complies with GDPR and a link to your privacy policy.

What are the risks for non-compliance with GDPR and Facebook ads?

Good question!

Many people speculate that non-compliance with the GDPR laws will attract heavy fines, especially for big brands. But small businesses can also run into legal issues.


Making sure you comply with GDPR when using Facebook ads will keep you out of trouble. You need to ensure that you comply with the law, especially if your business is dealing with an EU audience.

Have you thought about GDPR and Facebook ads? It is time to comply with the law to avoid legal issues in the future.


Luke Ramassa

Digital Marketer at LeadsBridge, passionate about Marketing and Technology. His goal is to help companies boost their online presence.
