Data protection in social media: How to protect your channels!

Andreas Kraus
published on January 27, 2022   

Data protection in social media – The most important points in a nutshell

  • A secure password is and remains one of the most important points to protect your social media account from unauthorized access.

  • The processing of user data in social media channels should be documented and disclosed in a privacy policy.

  • The integration of social media plugins such as the Facebook Like button is currently still a grey area in data protection.

Whenever it comes to the use of social media channels such as Facebook, Instagram or WhatsApp, the topic of data protection is always on the agenda. In the discussion, the providers are usually accused of being data octopuses. And there are always reports about data leaks and hacked social media accounts of companies. We help you to comply with data protection in social media for your own company and answer the most frequently asked questions.

How do I secure my social media channels from unauthorised access?

When setting up a social media account for your company, the first question that comes to mind is how to protect your account from unauthorised access. A common reason for attacks on social media channels is mistakes in handling passwords and access rights. It sounds banal – but a secure password is and remains one of the most important points. As a reminder, here are a few tips for the secure use of passwords:

1. Choose secure and different passwords for your social media channels.

  • Choose a unique password for each social media channel.
  • The longer the password, the better.
  • It should be at least eight characters long.
  • If possible, avoid any reference to your company name.
  • Exclude common number sequences or keyboard patterns.
  • Use upper and lower case letters, numbers and special characters.

You can find more tips on this at the German Federal Office for Information Security.
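The rules from the list above can be checked automatically before a password is accepted for a channel. The following is an added example, not part of the original article; the pattern list, the character substitution table and the function name checkPassword are assumptions made for illustration.

```javascript
// Constructed samples of "common number sequences or keyboard patterns".
const COMMON_PATTERNS = ["123456", "654321", "111111", "qwerty", "qwertz", "asdfgh"];

// Assumed substitution table: undoes simple character swaps so that
// "4cm3" is still recognised as a reference to the company name "Acme".
const LEET = { "0": "o", "1": "i", "!": "i", "3": "e", "4": "a", "@": "a",
               "5": "s", "$": "s", "7": "t" };
const normalize = (s) => s.toLowerCase().replace(/[013457!@$]/g, (c) => LEET[c]);

// Returns the list of rules the candidate violates (empty list = passes).
// otherPasswords holds the passwords already used for other channels.
function checkPassword(password, companyName, otherPasswords = []) {
  const problems = [];
  if (otherPasswords.includes(password)) problems.push("reused on another channel");
  if (password.length < 8) problems.push("shorter than eight characters");
  if (companyName && normalize(password).includes(normalize(companyName)))
    problems.push("contains the company name");
  // Sequences are matched on the raw lower-cased text, not the normalized one.
  const lower = password.toLowerCase();
  if (COMMON_PATTERNS.some((p) => lower.includes(p)))
    problems.push("contains a common sequence or keyboard pattern");

  const classes = {
    "upper case letter": /[A-Z]/,
    "lower case letter": /[a-z]/,
    "number": /[0-9]/,
    "special character": /[^A-Za-z0-9]/,
  };
  for (const [name, re] of Object.entries(classes))
    if (!re.test(password)) problems.push("missing " + name);
  return problems;
}
```

A password such as "Acme2022!" satisfies the length and character rules but is still rejected because it refers to the company name.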

2. Store passwords in a secure password manager

With so many social media platforms, it can happen that you can’t remember all your passwords individually. To avoid this, it is advisable to use a password manager. We’re not talking about the note app on your smartphone, where you can quickly jot down all sorts of things. We recommend the use of professional tools such as 1Password, LastPass & Co. You then only have to remember a single master password.

3. Switch on 2-factor authentication

In the corporate context, 2-factor authentication plays an important role, but it is also useful for private use. For example, after logging in, you receive an SMS on your mobile phone or a code by email so that the service can be sure that someone legitimate is logging in.
2-factor authentication is essential, for example, when using the Meta (formerly Facebook) Business Manager, as employees can only use it with a private Facebook account. In order not to risk a hacker attack, each employee should protect his or her account accordingly.

4. Check the access rights of all employees and service providers.

Access rights can be managed, for example, on Facebook via the Business Manager. Here, different roles such as administrator or employee can also be assigned to the respective persons. You should check these regularly and remove people directly if they leave the company. Even if, for example, you end or pause the cooperation with a service provider, you should subsequently change all passwords and remove the corresponding rights.

Do I need a privacy policy for my social media channels?

The aim of the German General Data Protection Regulation (GDPR) is to protect the fundamental rights and freedoms of natural persons. In particular, it is about their right to protection of their personal data. Examples of personal data are name, date of birth, address, email address and telephone number.

An important part of using social media channels as a business is documenting and disclosing how users’ data is processed. The so-called privacy policy serves this purpose. This does not only apply to the company’s own website, because according to European court rulings, every company is jointly responsible for data protection on its social media channels. An external data protection officer can provide assistance on this topic. So don’t hesitate to contact him if anything is unclear. Alternatively, you can obtain further information on a legally compliant data protection statement from a lawyer.

How do I integrate social media plugins such as the Like button into my website in a data protection-compliant manner?

Social media offers and websites are increasingly growing together: I can incorporate posts from social networks into websites and, on the other hand, direct users of the social media channels to my website. One of the best-known links between the two worlds is the like button, which invites users of the website to “like” the content on social networks and thus recommend it to their friends.

In terms of data protection, however, this is a grey area. Because regardless of whether your website visitors click the button or not – Facebook knows in any case that the user has visited the page. A better alternative is to activate the button only if users explicitly wish to do so and are informed of this via a pop-up message, for example. Whether the method of integrating the Facebook Like button is 100% court-proof, however, has unfortunately not yet been determined.
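The activation-on-request approach described above can be implemented so that nothing is requested from the social network until the visitor clicks. This is an added example, not code from the original article or from any plugin provider; the URL in PLUGIN_URL, the element id "like-slot" and the function name createTwoClickEmbed are placeholders.

```javascript
// Placeholder endpoint, not a real provider URL.
const PLUGIN_URL = "https://social-network.example/plugins/like";

// Renders a local placeholder into `container`; the provider's iframe is
// created only after an explicit click. `doc` is the page's document object.
function createTwoClickEmbed(doc, container, pageUrl) {
  const state = { activated: false };

  // Step 1: local elements only. No iframe, script or image from the
  // provider exists yet, so the provider cannot see this page visit.
  const notice = doc.createElement("p");
  notice.textContent =
    "Activating this button lets the social network know that you visited this page.";
  const button = doc.createElement("button");
  button.type = "button";
  button.textContent = "Activate Like button";
  container.appendChild(notice);
  container.appendChild(button);

  // Step 2: only the visitor's click loads third-party content.
  button.addEventListener("click", () => {
    if (state.activated) return; // never insert the frame twice
    state.activated = true;
    const frame = doc.createElement("iframe");
    frame.title = "Like button";
    frame.src = PLUGIN_URL + "?href=" + encodeURIComponent(pageUrl);
    container.replaceChild(frame, button);
  });
  return state;
}

// Browser wiring; skipped when no DOM is available.
if (typeof document !== "undefined") {
  const slot = document.getElementById("like-slot"); // hypothetical element id
  if (slot) createTwoClickEmbed(document, slot, location.href);
}
```

The check to make in the browser's network tab is that no request to the provider's domain appears before the button is clicked.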

Protect your social media channels properly!

No matter whether it’s about protecting your own company or user data – extreme caution is required when it comes to data protection! Because you have to deal with it again and again – even if sometimes you would prefer to avoid the (tiresome) topic.

With this article, we are merely providing you with a small guide to remind you of the importance of data protection. Important: This is not legal advice.

So why not check your social media channels directly using our tips on passwords and access rights, check the integration of your social media plugins and supplement your data protection declaration if necessary!