Cambridge Analytica fallout: How will GDPR be enforced?

By Yves Faguy, March 23, 2018

Jessica Davies warns that in the aftermath of Cambridge Analytica’s harvesting scandal, businesses are going to have to get wise quickly about making sure they will be compliant with the EU’s General Data Protection Regulation (GDPR), which comes into force in May.

The question on a lot of minds, up until now, has been how 28 different countries will enforce the regulation, which has extra-territorial reach.

Jess Geary also digs into the issue:

Post-GDPR, the data is back in the control of the consumer. As of May 25th, 2018, consumers will be able to request what data is being held about them and they will have the right to be forgotten and, more importantly, get greater clarity on transparency on how their data is being used. The emphasis is now on the brands to negotiate this new opt-in world successfully – or they face a fine of €20m or 4% of global turnover.

This increasing scrutiny from consumers is only going to get worse, especially with more and more high profile data breaches (I am confident there will be more). So how do businesses and brands tackle this growing scepticism from consumers, in an age where data is becoming more powerful and valuable than ever?

Tim Pullman is uncertain about whether Cambridge Analytica’s actions were in fact illegal. He also expresses doubts as to whether the GDPR will truly do better at protecting individuals and their personal information:

The point is that people focus too heavily on the consent requirement per se.

But the underlying risk so often overlooked is the ability of corporates to track, manage and maintain the vast pools of data sloshing around their third party relationships. This reality has now hit Facebook: their developer relationships, whilst clearly valuable, also present potent risks.

The truth is that in its analysis activities Cambridge Analytica is no different from thousands of other insight companies. Large corporations will often have hundreds of such vendors and partners under which personal data is daily exchanged, analysed, copied and disclosed. Under GDPR, only one of these partners needs to be rotten to expose the corporation to huge regulatory fines plus serious reputational damage. And these are only the obviously risky relationships.

