Employee Advocacy has become a vital tool for engaging employees in the company's presence and efforts on social media - and many are already well ahead in running company-wide EA programs.
Like all other business platforms, EA tools need to comply with GDPR - and because employees use their private social media accounts to share company content, this area calls for special attention.
For starters, you need to address these 3 issues:
1. Your company is the data processor in relation to the EA platform - so regardless of your DPAs with vendors, it's your GDPR compliance you need to focus on.
2. Don't demand or allow employees to use social logins/connects!
Many EA platforms offer or demand the use of social logins/connects from employees in order to be able to share content - and this is a big no-go. By allowing social logins/connects, you as a company will be responsible for all data processed, which will then include all employees' private social media accounts and all data points involved!
Furthermore, your existing password policies will instantly be compromised, as you as a company cannot enforce them on employees' private social media accounts.
Many EA vendors using social logins/connects extract engagement data - likes, views, re-shares etc. - via employees' private social media accounts (with or without proper consent!) and compile it into, e.g., statistics. This can only be done with access to the employees' private social media accounts - so in essence this process means that employees' private data originating from your EA platform flows on social media, in the vendor's hosting center and in the platform itself...
3. Study the vendor's DPA to make sure you comply!
Unfortunately, many vendors do not clarify the issues, especially those around allowing or demanding that employees use their private social media accounts, in relation to compliance - other than leaving it up to you as a customer.
Besides the above 3 essential starting points for securing compliance, you can find more on the subject here: