Data is big news, big data is massive news, mishandling data is very bad news.
Facebook is drip-feeding the extent of its data ‘activities’ into the marketplace at a rate that suggests they are burying yesterday’s catastrophic news with today’s terrible news. The meaning of ‘asking for other crimes to be taken into consideration’ in the criminal justice system is somewhat mystifying, but whatever ‘that’ means, ‘that’ is what it feels like Facebook is doing.
Facebook is a data-driven business, which offers its users the opportunity to take part in the largest social movement the world has ever seen – for free. And yet Facebook is a commercial organisation, which needs to turn a significant profit and achieve strong growth to satisfy its shareholders.
So whilst Facebook is busily monetising the data it harvests from its users, its users are outraged at the cavalier way it has been allowing others to access that data, and have discovered that the level of sneaky peeking that Facebook has been doing into their lives far exceeded most people’s view of what was acceptable. The spotlight has been turned on Facebook and it has been found wanting.
While most users seemed relatively happy for Facebook to know certain facts about them and their lives and likes, there existed a degree of trust that the information was going to be kept safe and also that Facebook’s data-mining wasn’t going to be overly intrusive. That is only half the story, though. Not only is there major disquiet amongst users; other organisations are now becoming very wary of involving their data with Facebook.
Christina Farr of CNBC has found that Facebook has been contacting medical institutions with a view to collecting patient data and matching it up with Facebook users’ information. The objective was to discover whether the combined data could be used to improve patient care. Unsurprisingly, this project has been “paused” in the light of Facebook’s current crises. A project that looks at how modern technologies can be used to improve medical care is surely a good thing, but set against the current situation, medical institutions won’t let their data anywhere near Facebook.
The Facebook data scandal has highlighted to many businesses the vital importance of securing the data they possess, and the dangers of allowing third-parties access to it. In the long term, Facebook’s woes may have done many businesses a real favour in focusing minds on the financial and public relations damage that can befall them with poor data management.
In many ways, the timing could not have been more apposite, as the requirements of GDPR for businesses who hold data on European residents will soon take effect. Although GDPR was passed in April 2016, the compliance deadline of 25 May 2018 is now fast approaching.
The General Data Protection Regulation will set exacting new standards for personal data protection in Europe. With very few exceptions, all companies will need to demonstrate compliance with the new regulation.
The requirements of GDPR were the subject of four years’ debate in the run-up to the April 2016 GDPR publication – there are 99 separate articles within it. GDPR is without doubt complex; no wonder a whole industry has sprung up to guide businesses through it. Then add to this the threats of massive fines and it all seems a little overwhelming.
Outside of the headline-grabbing threats of €20m fines, there are a whole host of lesser sanctions open to the Information Commissioner’s Office, all of which would seriously hamper normal business processes. These include warnings and reprimands, imposing a temporary or permanent ban on data handling, and ordering the rectification, restriction or erasure of data.
However, the real cost of any action taken against an organization under GDPR will undoubtedly be the damage to a company’s reputation and the subsequent loss of consumer trust.
The entire focus of GDPR is to make sure that we, as businesses, fulfil our responsibilities to those who have trusted us to look after their data. As the current situation with Facebook amply demonstrates, we need to prove ourselves worthy of that trust, or be prepared to suffer the consequences. So, whilst GDPR might seem to be an unnecessary waste of time and resources, in the end the disciplines that GDPR forces us to abide by, and the extra security we give to personal data, might just ensure that GDPR proves a very worthy investment for everyone.