Last week it was announced that Facebook was fined €565,000 for a data breach relating to the Cambridge Analytica scandal. There appears to be a mixed reaction to this news, with many highlighting how small the fine is when compared to the net value of the company, estimated at over €500 bn.
An important aspect of this story is the timing of the breach. On 25th May 2018 the GDPR came into force. This regulation introduces significant changes to the way companies gather, process and retain personal data, with penalties of up to 4% of the company's annual turnover (or €20 million, whichever is the higher) for a data breach.
The Cambridge Analytica scandal, however, occurred before these tougher penalties were brought in. If the same breach was identified today, just five months after this scandal was first exposed by the Guardian and the New York Times, the potential fine could have been €20 million.
This is a timely reminder to businesses that the GDPR is a significant legal change to the way companies use and retain personal data. If you need advice on your GDPR implementation strategy, get in touch with our GDPR project team at Voltedge Management: email us on firstname.lastname@example.org to speak to one of our experts.