Facebook has had a miserable few weeks in data protection. Earlier this month, an American judge launched an investigation into the alleged harvesting of Facebook profiles by a firm employed by Donald Trump’s election campaign.
According to reports, Cambridge Analytica, a British political consulting firm, took data from more than 50 million Facebook profiles without users’ knowledge.
The firm is accused of creating a ‘personality testing’ Facebook app – known as thisisyourdigitallife – and using the data to assist in Mr Trump’s presidential election campaign.
A whistleblower suggested that the app exploited Facebook’s weak privacy settings “to harvest millions of people’s profiles”.
The scandal comes ahead of the new General Data Protection Regulation (GDPR). If the biggest technology company in the world can’t protect its own data in broad daylight, how does anyone else stand a chance?
GDPR will come into full force in May 2018, bringing with it a raft of new data protection laws. Companies which misuse or fail to proactively protect consumer data will be heavily fined – up to €20 million (approximately £17.59 million) or four per cent of company turnover.
Facebook announced yesterday in a blog post that it would be doing more to protect data, including making privacy settings and tools easier to find, as well as removing the tools Cambridge Analytica used to store users’ data.
While your company may not offer the same services, it’s important that you take pre-emptive action now before it’s too late.
This could include:
- Reviewing data collection and consent forms so that they comply with the new data protection rules
- Deleting redundant systems and data
- Bolstering cyber security systems and password-protecting sensitive documents
- Putting in place a dedicated data protection officer if your business deals with a large amount of data
For advice on how to keep your customers’ data secure, please get in touch. We can help formulate a plan and put it into action well ahead of the 25 May 2018 deadline.