A lesson to be learned: The sensational story of data misuse
Posted on: 21/03/18
‘Tech giant Facebook and data analytics firm Cambridge Analytica are at the centre of a dispute over the harvesting and use of personal data – and whether it was used to influence the outcome of the US 2016 presidential election or the UK Brexit referendum.’ (http://www.bbc.co.uk/news/technology-43465968)
The latest story couldn’t be more appropriate to put fear into your business and your data processes, as the new General Data Protection Regulation will go live in two months’ time.
GDPR applies to all organisations that handle, store and process personal data. Under the new legislation, technical and organisational measures must be taken to minimise the processing of personal data. This means that, from the very start of trying to gain control of data, data protection needs to be ingrained in all aspects of the system and process.
With stories and facts coming out about what happened, what can we learn from this high-profile story hitting the headlines?
‘As was common with apps and games at that time, it was designed to harvest not only the user data of the person taking part in the quiz, but also the data of their friends….the data of some 50 million users, mainly in the US, was harvested without their explicit consent via their friend networks.’ (http://www.bbc.co.uk/news/technology-43465968)
From what the news is telling us, Cambridge Analytica obtained data from Facebook under false pretences, using its access to scrape profiles and the profiles of other contacts, and then used that data to target people with “fake news” and influence opinions in elections, referendums and the like across the world.
How you manage, use and secure data is where GDPR is going to test your compliance. There are five points on which your business data should be compliant:
- Process Lawfully – You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
- Collect Explicitly – You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
- Accurate & Up To Date – You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
- Retained – Personal data should be retained only as necessary, and you should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
- Process & Security – You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
The General Data Protection Regulation is both a game changer and an opportunity for businesses. It’s a blessing in disguise to finally push an efficient and effective information management system to the top of your company’s agenda.
Of course, being compliant is an integral part of every organisation. GDPR wants companies to prove they can manage data ethically and sensitively. Not only does data need to be securely protected, but the new regulations want each business to be able to confidently show its investment in the fundamentals of privacy. This could be as easy as a box-ticking exercise, but that process needs to be established and maintained in order to build accurate reports.
The new General Data Protection Regulation goes live in May 2018 and will affect how you manage and protect data. With cracks already showing at larger organisations, don’t wait until it’s too late. It is the perfect opportunity to build a sustainable data protection foundation for businesses and implement a time- and money-saving tool for the future.
For more information on GDPR: http://ec.europa.eu/justice/newsroom/data-protection/infographic/2017/index_en.htm
Or contact us to see how we could help your business protect data and remain compliant.