LinkedIn and GDPR – This is What You Need to Know


Greg Cooper


LinkedIn Coach and Trainer|Bespoke LinkedIn Training|Social Selling Training|LinkedIn Help Forum Expert

(Disclaimer: this article expresses my own understanding and opinions and does not constitute legal advice.)

If your business sells products or services to companies and individuals in the UK and Europe, you will be affected by GDPR (General Data Protection Legislation). The GDPR legislation, which becomes law on May 25th, 2018, is an attempt to catch up and keep up with changes in the way that data is being used. It replaces the 1998 EU data regulations.

Why does this matter? Well, GDPR will require a major rethink of your marketing communications. For example, one area it will impact quite dramatically is your mailing list, which will shrink – possibly by up to 60% overnight. In addition, you could be exposed to swingeing fines for non-compliance. Read on.

Extra protection for data subjects

The new legislation provides extra protection for data subjects and stricter requirements for data collection and storage. For example, in future it will be necessary to gain active consent to send someone a marketing communication, and separate consent will also be needed for each type of communication and each channel, e.g. SMS, email, telephone. Assuming that someone who downloads a guide from your website would like to be added to your email list will no longer be acceptable.

What’s more, and this is important, businesses will need to be able to prove consent was given.


This legislation has teeth too. Organisations who are found to be in breach of the new law will be liable for fines of up to 20 million Euros or 4% of turnover. This is an attempt to make data protection a board-level topic.

How will this affect my business?

First of all, every business and organisation in the UK and Europe that processes data must register with the data protection authority; this includes micro businesses. The authority in the UK is the Information Commissioner’s Office (ICO). That’s not new; that is the current law.

Data Security

GDPR will impose extra obligations on your business to make sure that data is securely stored and any data breaches are promptly reported. If you have any concerns about data storage or security in your business, now is the time to speak to your IT department; if you don’t have one, find an outside expert. I recommend Andrew Cope of Evergreen Computing as an independent IT expert who is knowledgeable about GDPR.

Data Collection

The second big impact on your business is the way that you collect personal data, and the need to be able to demonstrate that active consent was given to receive marketing communications. For many organisations this will mean going back to square one and asking everyone on their mailing list if they are happy to receive marketing communications – remember that consent needs to be specific about content and channel. I don’t have to tell you that when you do this there will be some attrition. Your mailing list will shrink by 20, 30 or even 60%.

You will also need to reconfigure your website and advertising campaigns so that an individual is absolutely clear which marketing communications they are consenting to receive. A double opt-in would be ideal, i.e. when an individual signs up they receive a second email to verify the request.

Is there an upside?

So far it seems like this is going to be a pretty burdensome extra task for businesses and yes, it is. There is an upside, however. Potential benefits include:

  • Cleaner data
  • Higher open rates and click-throughs
  • Higher engagement
  • More valuable relationships

Your mailing list may be smaller, but subscribers, because it’s an active choice, are likely to be more engaged and responsive.

What about LinkedIn?

I have had several conversations with the help desk at the ICO including with a lead case manager. The key point that was made to me is that as a public social media platform LinkedIn is the data controller and has primary responsibility for ensuring compliance with GDPR. This includes communicating clearly to members how their data will be used as well as being responsible for ensuring data security.

If a member takes data off the platform or shares data with a third party, they then become the data controller and are responsible for complying with the data protection laws.

From a member’s perspective, people join LinkedIn with the expectation that members will communicate and network with each other. Essentially, day-to-day use of the platform is not impacted by GDPR. So, whilst your marketing communications could be severely curtailed, your LinkedIn activity is not affected.

To compensate, therefore, for any short-term negative impact that a smaller mailing list and stricter consent rules will bring, you should as a priority be actively expanding your network, now. As well as being able to message your first-degree connections freely, LinkedIn premium users can also send InMails to their second- and third-degree connections. This will prove an increasingly valuable feature.

An outstanding technical question

In another conversation with the ICO, I asked about a scenario in which a premium user sends an InMail to someone they don’t know. Would that be permitted? His answer surprised me.

It is not so much GDPR as another updated piece of less publicised legislation which will be more relevant. This is the E-Privacy Draft directive which will come into force at the same time as and alongside GDPR.

It seems that potentially there could be some issues when someone using a corporate account sends an InMail to an individual who uses a personal email as their primary LinkedIn contact. The ICO officer said that the legislation was still in draft form so he couldn’t give me any definitive guidance but advised I study the current and draft E-Privacy for myself. If it is any comfort, he also said he thought although technically it may be a breach he didn’t think anyone would complain!

It’s a work in progress

I have now had half a dozen conversations with the ICO and each time I get a slightly different answer to my questions. However, my overall conclusion is that for day-to-day use, members can use LinkedIn without worrying about GDPR.

It’s clear that the new laws are very much a work in progress with plenty still to be clarified.

For example, I was curious about what happened when a business selling products or services into the UK and Europe is not based there. The ICO help desk person assured me that this would be covered by GDPR. I asked how they would impose fines on companies outside Europe if they were found to be in breach of the regulations. There was a pause and then she rather disarmingly admitted that no-one has thought that through yet.

The consensus seems to be that the ICO will probably be a little lenient at first, not least because it simply doesn’t have the manpower for rigorous enforcement but also because there is a recognition that the new data legislation will take a little while to bed in. Technology advisory firm Gartner predicts that by the end of 2018, more than half of businesses still won’t be fully compliant with the requirements.

That’s no cause to be complacent, however. The ICO will get tougher and examples will be made, and those fines, frankly, are eye-watering.

If you haven’t already started, it’s time to act to get your business data “ship shape and in Bristol fashion” as we say here in the West Country. And a very important part of that preparation is to boost those LinkedIn connections, individually and as a business.

Finally, if you are thinking this will all eventually go away again after Brexit, think again. The unhindered flow of data between the UK and EU is a key government objective. GDPR is here to stay.

  • ICO Overview of GDPR
  • ICO Getting Ready for GDPR: a Checklist

If you found this article useful please like and share it so others can too – and do remember to read the comments, often the comments are as valuable if not more so than the original article. Thanks.

Other useful links:

The ICO Helpline is 0303 123 11133

More about Greg

Greg Cooper is an independent LinkedIn consultant and trainer based in Bristol, UK. He is a Fellow of the Institute of Direct and Digital Marketing. For over twenty years Greg ran an award-winning direct marketing agency working with leading technology companies like IBM, SAP, and Siemens.

Today he helps SMEs to use LinkedIn more effectively to find, win and keep customers. He runs public and in-house courses including the LinkedIn Essentials Master Class, Sales Navigator, and Social Selling workshops, and Employee Advocacy training.

For an individual discussion of your business’s needs call +44 (0)7917 360222 or email. You can also follow Greg on Twitter.
