Facebook has had very public privacy problems for some time, with rumours and gossip circulating endlessly about what the social media giant really does with the vast amount of data it holds. Recently, the Cambridge Analytica scandal has forced Facebook to face up to this: revelations that the political consulting firm harvested data from 50 million Facebook users, with no consent obtained and no one even notified, have made life uncomfortable for the company. However, it’s a scandal that seems to have made everyone nervous, not just Facebook, because while the social giant is currently in the spotlight, there are many businesses operating in grey areas when it comes to customer data.
Facebook and the GDPR
The Cambridge Analytica scandal is a timely one because May 2018 sees the introduction of the EU General Data Protection Regulation (GDPR). This is one of the first real modern data privacy models in the world and could have a seismic impact around the globe. It applies to any business handling the data of EU citizens, not just to EU businesses, so it has very broad reach. And with fines of up to €20 million or 4% of annual global turnover, whichever is greater, it could well cause even those businesses that formerly believed themselves untouchable to sit up and take notice.
Is your business clear in the way that it uses customer data?
Given the new focus on the way data is treated thanks to the Cambridge Analytica scandal, as well as the incoming GDPR, now is an important time for businesses to assess how cleanly customer data is being used.
Do you know what kind of data you collect? Who does it belong to, where does it come from and why do you collect it? It’s time to get perspective on exactly how much data your business is harvesting, from whom and – in particular – whether there is a good reason for collecting it.
Does your business have an ambiguous approach to consent? If you’re working with purchased email lists, for example, you have no real idea whether the people on that list consented to you having their information. That creates real exposure for any business. If you want clean hands in this new era of transparency, you need to be able to point to when and how consent was given.
Is your data properly protected? Every business collects data today and that means having infrastructure and systems in place to adequately protect it.
Are the suppliers and processors you work with GDPR compliant too? If not, there could be fallout for your business as well as theirs. Make sure any agreements you have with third parties detail GDPR obligations.
Do you have clarity on how your business handles data? For example, if you received a Subject Access Request would your current systems enable you to identify what data you hold on an individual – and if they asked you to delete it all (the new “right to be forgotten”) could you?
It’s very easy to point fingers at Facebook but there are changes that many businesses need to make to improve and update the way they manage customer data too. A CRM is a great infrastructure to use to ensure this is handled effectively – contact MarketDeveloper today to find out more.