It can be difficult for an organisation to manage its social media accounts. You need these channels to promote your services, but also need to control what employees post.
The line between personal and professional life is increasingly blurred, with many people sharing every aspect of their lives online. However, organisations must be careful about what they say, share and promote on social media to avoid damaging their reputation.
That’s why it’s worth having a social media policy. This document gives employees a clear understanding of what they are allowed to publish and share (or not) on social media about the organisation.
What is a social media policy?
A social media policy is a guideline document that sets out a corporate code for employees who use and post on social media. It should be given to all employees, whether or not they use social media. The document advises them on how to behave online to protect and promote the organisation.
To comply with the GDPR (General Data Protection Regulation), an organisation must:
- Review its social media policies to ensure they don’t conflict with other privacy laws;
- Develop strong procedures to ensure social media risks are managed; and
- Implement a record of the data captured on social media and save it as official, valid archives.
What to include
Your organisation should consider two social media policies:
- One for employees and their personal social media channels.
- One for your organisation’s account(s), which may be managed by several employees, such as the community manager, HR and the marketing team.
Below are guidelines that could be included in your policy.
Personal posts on personal accounts: It’s completely legal for employees to post what they want on their social media accounts. However, they need to be aware that all their posts represent their professional brand. They must also follow the terms and conditions and, even if they use a legal disclaimer, they aren’t protected if they insult or threaten their boss, organisation or colleagues.
Keep conflicts offline: Employees shouldn’t vent frustrations about the workplace online, especially if these involve a manager, colleagues or a customer.
Proprietary information is off-limits: Be clear about what employees can and can’t publish on social media. Details of a new product or prototype, and personal information about a customer or your office should not be posted.
I don’t know which sentence is the most clear/better
Privacy on Facebook, LinkedIn, Twitter and Instagram: Employees should think about what they post and set their social media accounts to private where possible to avoid sharing their personal activities.
You can also take further measures to protect your organisation online.
Monitor your posts: Monitor all the references you can find on social media about your organisation – including angry or threatening messages from your employees. You can use a social media listening tool or simply search social media sites. You can also ask your employees or create a rule: ‘If you see something on the Internet, say something’.
Additional controls for corporate accounts: If your employees have access to your corporate social media account(s), you must:
- Make sure few staff members have the password(s) to the account(s) and, to further minimise the risk of a breach, change the password(s) frequently; and
- Make sure passwords are changed and access to corporate social media channels is revoked when an employee leaves the company.
Educate your employees: It’s important to educate your employees on their responsibilities to help protect your organisation from risk. One way to achieve this is by signing them up to a training course.
How we can help
Our interactive GDPR Staff Awareness E-learning Courses introduces employees to the GDPR and the key compliance obligations for organisations. It aims to provide a complete foundation of the principles, roles, responsibilities and processes under the Regulation, and explains how these can be applied in today’s workplace.