• Startups
  • June 17, 2020

Facebook, Cambridge Analytica and the GDPR wake-up call

Mark Zuckerberg has not had a good couple of weeks at the office. The revelations that Cambridge Analytica misused the data provided to it by Facebook, but that Facebook also failed to alert its users to this misuse (and allegedly didn’t have adequate controls in place in the first place), has left him at best rather red-faced. As businesses of all shapes and sizes prepare for compliance with the General Data Protection Regulation (GDPR) in time for the looming May 25th deadline, this scandal that has dominated headlines in recent days brings into sharp focus the catastrophic effects of failing to have in place adequate data policies and of data falling into the wrong hands. It also brings the role of data controllers closely under the spotlight.

Preparation is key!

The requirements of GDPR are a hot topic and one that isn’t likely to disappear any time soon; the Facebook debacle only serves to further illustrate this. For any business that comes into contact with personal data, (which will be most!) real preparation is key. It will not be enough to give data policies a cursory update and then hope to stay under the radar of the Information Commissioner’s Office (ICO).

While the Facebook fiasco may be an extreme example, it demonstrates perfectly how things can quickly spiral out of control; what started with the collection of the data of 270,000 users ended with over 50 million Facebook users being affected. It is therefore imperative that data controllers understand clearly their duties under the new regime but (and possibly even more importantly) that they are also responsible and accountable for how any data is processed on their behalf by third parties.

More than just financial implications

Data policies must be robust enough to ensure that data is protected all the way down the line. It is not sufficient to shrug shoulders and say ‘we did our best but they still breached our terms’. Policies should include measures in order to ensure that this does not happen and if it does, swift and effective action must be taken.

While the increased fines under GDPR – the higher of 4% of turnover or €20million – are probably the most talked about and attention-grabbing of the upcoming changes, the slide in Facebook’s shares (currently knocking around $30 billion off its value) demonstrates that businesses found to be in breach could be left counting a far greater cost – in the form of damage to their reputation.   

In a society where sharing our personal data widely is just a fact of life, data protection is not just about complying with regulations but also maintaining public trust and opinion. Only time will tell where this scandal will end for Facebook and while still much is unknown about GDPR and is unlikely to become clear until many months after the May deadline, it seems certain that it will continue to be a talking point for weeks to come and that information controllers will remain under the close scrutiny of the ICO for far longer.

To consult with Jessica, please submit an enquiry for a free 15-minute consultation or call our friendly team today on 020 7148 1066. If you want to find out more about the GDPR and how to ensure your business is compliant, register here for our upcoming GDPR webinar on Weds 18th April 2018. Please be aware that spaces are limited!

Jessica Mumby LawBrief Solicitor


In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By LawBite Team
  • May 01, 2022
What are Articles of Association?

Setting up a limited company is one of the most common routes entrepreneurs take when they start their business. If you have decided to take this r...

blog image
  • By LawBite Team
  • May 01, 2022
Do I need a privacy policy on my website?

The short answer is yes, all businesses that process personal data must have a detailed privacy policy. In most cases, a privacy policy will sit on...

blog image
  • By LawBite Team
  • April 13, 2022
Understanding Conflict of Interest (COI)

One thing our lawyers consistently emphasise to our clients is the importance of having well-considered and expertly drafted documentation, for exa...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan

Join for Free