AIIM - The Global Community of Information Professionals

4 Special Requirements Social Media and Collaboration Create for GDPR Compliance

Jan 26, 2018 9:29:26 AM by John F. Mancini


A new set of European rules and standards related to privacy and data protection (the General Data Protection Regulation, or GDPR) has set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers. The regulation is designed to harmonize privacy across the EU, codify more rigorous privacy rights, strike a balance between privacy and security, and create an explicit obligation for both data controllers and processors to demonstrate compliance with GDPR. The clock is ticking: the regulation goes into effect on May 25th, 2018, and the potential penalties for non-compliance are significant (organizations found to be in breach of GDPR may be fined up to 4% of annual revenues or 20 million Euro, whichever is the greater).

This is not just a problem for European-based companies. If your organization does business in the EU, offers goods and services to EU citizens, or processes EU citizen data, then all the provisions of GDPR apply.

Social media and enterprise collaboration platforms like Workplace by Facebook and Microsoft Yammer create unique compliance challenges under GDPR. Although social media has experienced exponential growth, it is still very much in its early stages from a legal and regulatory perspective. This challenges organizations daily as they struggle to nail down their compliance with record-keeping regulations like the GDPR.

Here are 4 key challenges to consider in developing your compliance strategy:

1 -- Data Protection and Privacy

Organizations should evaluate how they collect social media data and address their intentions publicly prior to collecting such data. This can be done on corporate websites and social media in clear policy statements.

2 -- Employee Rights on Social Media

Policies to help guide the use of social media in the workplace are commonly in place, but the issue is that these policies must not conflict with other privacy laws. These policies must be revisited taking GDPR into consideration.

3 -- Governance and Oversight

Firms are increasingly allowing employees to use social media for business purposes, but both GDPR regulators and regulators such as FINRA and the SEC in the financial services industry now demand that organizations develop strong internal procedures and controls to ensure they manage associated risks effectively.

4 -- Information Archiving and Retention

Determining what content is considered “business” communication and when that content should be captured and archived is more complicated than it seems. Implementing a system that effectively captures social media history and saves it as official, valid archives is a key step towards GDPR compliance as well as compliance with other regulations across industries.

Pagefreezer has put together an interesting eBook on this often overlooked aspect of GDPR compliance, Exploring the Impacts of GDPR on The Use of Social Media Communications & Enterprise Collaboration Platforms. Check it out.


If you haven't downloaded it yet, you might be interested in AIIM’s free GDPR eBook, Information Privacy and Data Protection Regulation: The EU GDPR is Just the Tip of the Iceberg.

Topics: collaboration, social media, records management, gdpr
