In 2018, Facebook was embroiled in one of the biggest controversies of the year with the Cambridge Analytica scandal, in which the rights of 50 million Facebook users over their personal data were violated.
This was obviously a massive data breach and was big news last year. The media frenzy culminated in Facebook CEO Mark Zuckerberg giving testimony in front of the US Congress. Facebook has yet to feel the full repercussions of this breach, with the maximum fine said to be close to $1.6 billion.
More recently, Google has been fined $50 million for failing to be transparent in how it collected data to personalise advertising. However, these huge tech companies are not the only threat to an individual’s rights regarding personal data. Even companies with an abundance of wealth and resources, ones which are well known and trusted all over the world, can succumb to cyber attacks.
Cyber attacks mean more than just a damaged reputation and hefty fines for tech giants. Following an attack, usernames and passwords regularly end up on the dark web and an individual’s personal data is then sold for as little as $3 online. In 2018, it was estimated that nearly 620 million accounts were compromised across sixteen high-profile breaches, including MyFitnessPal.
All of these events, particularly Facebook’s breach, have changed the way people view their personal data. Consumers are more aware of how much their data is worth but, more importantly, they are wary of how their personal data can be stolen and used for crime. Consumers know their rights and are cautious with their personal data now more than ever.
GDPR has made great strides already by forcing companies to consider what personal data they held and requested, where this data was stored and whether it was really needed. The reasons for holding this information also became important, as organisations now have to prove that they are handling, processing and protecting it properly.
GDPR forced companies to look at how they store, gather, use and protect data. However, that is no longer enough. In 2019, data protection must become more than just a box-ticking exercise. It should be a key priority and integrated into every aspect of the business to ensure comprehensive coverage and consistency. The financial and reputational impact can be staggering if companies fail to get data protection right.
Therefore, companies must prioritise the development of a more comprehensive approach to protect their customers’ personal data. A multi-layered strategy which incorporates transparency is needed. Customers should be aware of how, where and why their data is being used, helping to build trust and maintain relationships.
In addition, they should strive to have an open dialogue with their customers to educate them on how their data is being used and protected. A continuous commitment to this approach will go far in maintaining trust and bolstering reputation, even if an incident occurs.