It has been reported that the UK’s data protection regulator, the Information Commissioner, intends to impose a financial penalty of £500,000 on Facebook for allegedly failing to ensure that another company, Cambridge Analytica, had deleted the user data to which it had access.
Facebook has the opportunity to respond to the ICO’s notice of intent. However, the financial penalty that the ICO intends to impose could have been much more severe had it been imposed for alleged failures post 25 May 2018. Financial penalties available to the ICO and other data protection regulators in European Union countries are now much greater in the GDPR era – up to 4% of annual global turnover or 20 million euros (whichever is greater). Penalties can be imposed against any data controller and criminal proceedings can also be brought where appropriate.
The value of data in the modern age cannot be denied. Companies use data to inform their marketing strategies, data brokers collate it to sell for profit, and some political parties appear to be using it to try to improve the effectiveness of their election campaigns.
In fact, it has recently been reported in the media that the ICO has written to the UK's eleven main political parties telling them to have their data protection practices inspected following concerns that parties may have bought lifestyle information about members of the public from data brokers who might not have obtained the necessary consent. Of course, there is absolutely nothing wrong with utilising data for legitimate purposes provided that you comply with data protection laws.
You can check your compliance by having your data protection practices reviewed. Whether you are an SME using data to market your services to the public or a major political party using data to reach out to voters, it is critical that you comply with the law and the changes introduced recently by the General Data Protection Regulation (GDPR) and the UK’s new Data Protection Act 2018.
Knowing that you are compliant, or amending your practices in the event that you are not, will bring peace of mind and help to ensure that the reputation of your organisation is not damaged by a data breach. It will also help to avoid the risk of financial penalties as well as compensation claims brought by any individuals (or groups of individuals) who may suffer loss or distress as a result of a data breach that compromises their personal information.
Stephensons Solicitors LLP can assist you with all aspects of data privacy law including reviews of your data processing activities and advice on how to be compliant with data protection laws. Contact us now on 01616 966 229.