Data Protection

GDPR, Data Protection, ICO...

Information watchdog head says Cambridge Analytica is a ‘game changer’ for companies and data protection

No one can have failed to notice the recent furore surrounding social media giant Facebook and data mining company Cambridge Analytica. Facebook has admitted that as many as 87 million users of its site – one million of whom are based in the UK – could have had their data improperly shared with Cambridge Analytica.

Cambridge Analytica has since been forced to cease trading due to the reputational damage it suffered in the fallout from the scandal.

In a recent speech at the Data Protection Practitioners’ Conference, the head of the UK’s data protection regulator described the Facebook/ Cambridge Analytica affair as a “game changer”, in that suddenly the issue of how companies handle personal data of clients and other individuals is uppermost in everyone’s minds.

In her speech, Information Commissioner Elizabeth Denham said:

“The investigation is ongoing and it would not be appropriate for me to make further comment, other to acknowledge that I welcome the focus on data rights for citizens and consumers in the centre of public discussion and debate.

“One thing is certain. The dramatic revelations of the last few weeks are a game changer in data protection.

“Suddenly everyone is paying attention. The media, the public, parliament, the whole darn planet it seems.”

Even before news of the scandal broke, data protection was already something of a hot topic in the corporate world. We are now only days away from the introduction of a significant piece of new data protection legislation, known as the General Data Protection Regulation (GDPR). This Regulation comes into force on May 25, and you may well be aware of ways in which your own company has been preparing for its introduction.

Ms Denham had previously described GDPR as “the biggest change to data protection law for a generation”.

Companies will now need to be much more transparent regarding why they need to collect and process individuals’ personal data, and which other parties this data might be forwarded to. They will need to inform individuals of how long the data might be kept for, and of the right to complain to the Information Commissioner about the way the data has been handled.

Individuals will have the right to request access to the personal data that a particular company holds about them. This data must be provided free of charge, and within no more than 30 days of the request. Individuals will have the right to have any inaccuracies in the data corrected.

Companies should have appropriate measures to protect the security of data against theft, accidental loss, cyberattacks etc.

Companies that fail to comply with the GDPR requirements could be fined up to the higher of 4% of turnover or €20 million.

The new legislation applies to companies in all business sectors, so it will therefore have a significant impact on how recruitment agencies handle the personal data of candidates.thing here.