Mr Zuckerberg was put through his paces by the US Congress this week. They needed, and did not always get, answers to the apparent access afforded to Cambridge Analytics to confidential Facebook data.
References were made during the “interrogation” to the new European data protection rules, and should the US adapt similar standards?
Personal data is starting to assert its right to privacy.
Like most businesses in the UK we are researching the changes required by the new General Data Protection Regulations (GDPR). There is no doubt that legislators are making moves on data holders who play fast and loose with personal data placed in their care.
The GDPR has teeth, fines for non-compliance are significant, and so businesses that acquire personal data of customers, staff or other contacts would be wise to comply.
It has also been mooted that a further risk of non-compliance with the GDPR is loss of business. One of the requirements of the GDPR is that affected organisations will need to check and see that their suppliers, with whom they share customers, staff or other contacts data, also need to be compliant.
This will be of concern to practicing accountants who migrate clients’ personal data to sub-contractors, outsourcing services, cloud-based software providers and so on.
The deadline for compliance is 25 May 2018. Before that date we intend to be compliant and will be able to reassure our clients accordingly. It will be interesting to see if Mr Zuckerberg has similar success with Facebook.