In an age of social media, with our new ease with oversharing and giving personal information to complete strangers without thinking about it, never has personal data management been more in the spotlight.
We think nothing of shouting to the world what used to be deeply personal information. How many of us have posted how excited we are to be at the airport, heading on holiday for 2 weeks, giving no thought to the fact that we may have previously posted photos of our homes, or may even have entered our home address in Facebook's set-up screens? Those homes are now empty and open for social-media-searching burglars to empty at their leisure. They know where you live, where you are now and when you are back; by the time you are posting that you are at the airport heading home, your house is an empty shell.
When was the last time you checked your social media security settings and just how safe is the data we give to sites and Apps? How much data can Companies gather from our innocently accessing Wi-Fi in coffee shops? Will the introduction of GDPR close down data mining loopholes?
Facebook is currently facing international investigations into the illicit harvesting of users' personal data. The information was collected by Cambridge Analytica, a political consulting firm that backed President Trump’s 2016 election campaign.
According to a whistleblower, Cambridge Analytica gathered data from 50 million users (a figure that Facebook has now admitted could be as high as 87 million), then developed a software program that profiled these users to predict voting patterns and, through micro-targeted ads, influence US citizens’ voting decisions.
How did they do this? Cambridge Analytica obtained voter data through a Facebook-linked App named 'thisisyourdigitallife'. Through the App, a Cambridge Analytica member paid Facebook users in exchange for a detailed personality test, supposedly for academic research purposes.
These users volunteered to provide this information – something Facebook’s Deputy General Counsel was quick to emphasize in a statement:
“The claim that this is a data breach is completely false. Cambridge Analytica requested and gained access to information from users who chose to sign up to the App, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.”
But the App also pulled personal data from all the test-takers’ linked Facebook friends without their consent, data that, per Facebook’s Platform Policy, can only be used to enhance the in-App experience and should not be given out to anyone.
It’s no surprise that, after this incident and the announcement that Facebook’s Chief Security Officer, Alex Stamos, will leave the company later this year, #DeleteFacebook was trending.
Will the introduction of the General Data Protection Regulation (GDPR) help fix this issue? From 25th May 2018 the GDPR becomes law. The GDPR is a new set of laws aimed at enhancing the protection of EU citizens’ personal data and increasing the obligations of Companies to deal with that data in a transparent and secure way.
Businesses across the world need to sit up and take notice, even if they are not based in Europe. Should they do business with anyone of EU nationality, they need to comply, as the GDPR applies not only to EU-based businesses but also to any business that controls or processes data of EU citizens.
The GDPR sounds restrictive, concerning and potentially a lot of work for Companies to implement to ensure compliance, but given the recent issues Facebook has faced over its management of the “innocent” data we put into its social media site just to get an account, I don’t think introducing a stricter rule on data management is a bad thing.
Companies that hold customer/client information on a database, or collect potential new customers/clients for their database, need to make sure that they are compliant with the new rules.
A good reference article on the 12 steps you need to take to ensure compliance: http://bit.ly/2KlYd4W
It does seem quite complicated; the best and easiest explanation I have had is from HubSpot:
- The GDPR has specific rules about enabling your contacts to specify exactly what they want to receive from you.
This makes total sense from a business perspective. Don’t send to contacts that don’t want to hear from you, and make sure the ones that do get to choose what they want. Tangibly, this will lead to fewer unsubscribes and better deliverability.
- The GDPR requires increased transparency around data collection and processing.
In legal language, that’s the “right to access” and “portability,” which mean your contacts can demand a copy of their data in a common format. In other words, your contacts should be able to ask you what they’re signed up for, and receive a quick, accurate, and easy-to-digest answer.
- The GDPR requires that you give your contacts the “right to be forgotten.”
They can request that you delete them from your database. Not only will that satisfy the specific contact in question; it’ll ensure that you’re not wasting your time trying to market and sell to people that have no interest in your product or service. That means more time to focus on your best prospects and customers.
- Perhaps most importantly, the GDPR requires lawful basis for processing.
In other words, you need a legal reason to use a contact’s data, like consent or legitimate interest. That’s bad news if you’re purchasing lists; it’s not permitted under the GDPR.
I am not sure that the GDPR will put an immediate stop to our oversharing or to how Companies can use the data we provide to target us; a lot of the information they use we willingly provide. However, I am hopeful that we will think before sharing in future.
If you have 15 minutes, this video is worth watching: https://lnkd.in/dZFQXn7