Data protection in social media – The most important in a nutshell
Whenever it comes to the use of social media channels such as Facebook, Instagram or Whatsapp, the topic of data protection is always on the agenda. In the discussion, the providers are usually accused of being data octopuses. And there are always reports about data leaks and hacked social media accounts of companies. We help you to comply with data protection in social media for your own company and answer the most frequently asked questions.
When setting up a social media account for your company, the first question that comes to mind is how to protect your account from unauthorised access. A common reason for attacks on social media channels are mistakes in handling passwords and access rights. It sounds banal – but a secure password is and remains one of the most important points. As a reminder, here are a few tips for the secure use of passwords:
You can find more tips on this at the german Federal Office for Information Security.
With so many social media platforms, it can happen that you can’t remember all your passwords individually. To avoid this, it is advisable to use a password manager. We’re not talking about the note app on your smartphone, where you can quickly jot down all sorts of things. We recommend the use of professional tools such as 1Password, Lastpass & Co. You then only have to remember a single master password.
In the corporate context, 2-factor authentication plays an important role, but it is also useful for private use. For example, after logging in, you receive an SMS on your mobile phone or a code by email so that the service can be sure that someone legitimate is logging in.
The 2-factor authentication is essential, for example, when using the Meta (formerly Facebook) Business Manager, as employees can only use it with a private Facebook account. In order not to risk a hacker attack, each employee should protect his or her account accordingly.
Access rights can be managed, for example, on Facebook via the Business Manager. Here, different roles such as administrator or employee can also be assigned to the respective persons. You should check these regularly and remove people directly if they leave the company. Even if, for example, you end or pause the cooperation with a service provider, you should subsequently change all passwords and remove the corresponding rights.
The aim of the german General Data Protection Regulation (GDPR) is to protect the fundamental rights and freedoms of natural persons. In particular, it is about their right to protection of their personal data. Examples of personal data are name, date of birth, address, email address and telephone number.
Social media offers and websites are increasingly growing together: I can incorporate posts from social networks into websites and, on the other hand, direct users of the social media channels to my website. One of the best-known links between the two worlds is the like button, which invites users of the website to “like” the content on social networks and thus recommend it to their friends.
In terms of data protection, however, this is a grey area. Because regardless of whether your website visitors click the button or not – Facebook knows in any case that the user has visited the page. A better alternative is to activate the button only if users explicitly wish to do so and are informed of this via a pop-up message, for example. Whether the method of integrating the Facebook Like button is 100% court-proof, however, has unfortunately not yet been determined.
No matter whether it’s about protecting your own company or user data – extreme caution is required when it comes to data protection! Because you have to deal with it again and again – even if sometimes you would prefer to avoid the (tiresome) topic.
With this article, we are merely providing you with a small guide to remind you of the importance of data protection. Important: This is not legal advice.
So why not check your social media channels directly using our tips on passwords and access rights, check the integration of your social media plugins and supplement your data protection declaration if necessary!