Mark Zuckerberg has not had a good couple of weeks at the office. The revelations that Cambridge Analytica misused the data provided to it by Facebook, but that Facebook also failed to alert its users to this misuse (and allegedly didn’t have adequate controls in place in the first place), has left him at best rather red-faced. As businesses of all shapes and sizes prepare for compliance with the General Data Protection Regulation (GDPR) in time for the looming May 25th deadline, this scandal that has dominated headlines in recent days brings into sharp focus the catastrophic effects of failing to have in place adequate data policies and of data falling into the wrong hands. It also brings the role of data controllers closely under the spotlight.
Preparation is key!
The requirements of GDPR are a hot topic and one that isn’t likely to disappear any time soon; the Facebook debacle only serves to further illustrate this. For any business that comes into contact with personal data, (which will be most!) real preparation is key. It will not be enough to give data policies a cursory update and then hope to stay under the radar of the Information Commissioner’s Office (ICO).
While the Facebook fiasco may be an extreme example, it demonstrates perfectly how things can quickly spiral out of control; what started with the collection of the data of 270,000 users ended with over 50 million Facebook users being affected. It is therefore imperative that data controllers understand clearly their duties under the new regime but (and possibly even more importantly) that they are also responsible and accountable for how any data is processed on their behalf by third parties.
More than just financial implications
Data policies must be robust enough to ensure that data is protected all the way down the line. It is not sufficient to shrug shoulders and say ‘we did our best but they still breached our terms’. Policies should include measures in order to ensure that this does not happen and if it does, swift and effective action must be taken.
While the increased fines under GDPR – the higher of 4% of turnover or €20million – are probably the most talked about and attention-grabbing of the upcoming changes, the slide in Facebook’s shares (currently knocking around $30 billion off its value) demonstrates that businesses found to be in breach could be left counting a far greater cost – in the form of damage to their reputation.
In a society where sharing our personal data widely is just a fact of life, data protection is not just about complying with regulations but also maintaining public trust and opinion. Only time will tell where this scandal will end for Facebook and while still much is unknown about GDPR and is unlikely to become clear until many months after the May deadline, it seems certain that it will continue to be a talking point for weeks to come and that information controllers will remain under the close scrutiny of the ICO for far longer.
To consult with Jessica, please submit an enquiry for a free 15-minute consultation or call our friendly team today on 020 7148 1066. If you want to find out more about the GDPR and how to ensure your business is compliant, register here for our upcoming GDPR webinar on Weds 18th April 2018. Please be aware that spaces are limited!
Read our latest blog posts on GDPR, featuring all the latest legal news, analysis and opinion from our expert lawyers.
- By Lawbite Team
- March 26, 2020
Many businesses have needed to adapt and embrace remote working. For many, this can raise new working practices and question how data is managed wi...
- By Lawbite Team
- March 19, 2020
Coronavirus and its spread across borders is a concern for employers and employees. While employers will be concerned to ensure their business’ con...
- By Lawbite Team
- January 30, 2020
The ICO has published a statement on GDPR compliance after 31 January 2020 (the day that the UK leaves the European Union). There are no big surp...
LawBite can help you
LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.
Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.