Facebook, General Data Protection Regulation, Privacy and You


Personal privacy is no longer a “nice to have” but a business and regulatory requirement.


“Move fast and break things” is the approach that has been attributed to Facebook over the years. That certainly worked – up until 2018. But with the disclosure that Cambridge Analytica had access to private personal information on more than 85 million Facebook users and with the arrival of GDPR, Facebook’s failure to protect individuals’ privacy is under attack.

The social media firm now plans to spend in excess of USD 1 billion to fix the problem. Facebook is not an exception – most businesses are exposed as well. Small business owners and IT executives need to know what their compliance, privacy and security exposures are and act accordingly to bring them to acceptable levels. 

Cambridge Analytica, a political analysis firm hired by the Trump 2016 presidential election campaign, gained access to personally identifiable information (PII) on more than 85 million Facebook users. The firm then used tools to identify the personalities and traits of American voters and used that information to influence user behavior with digital ads.

This was not a single failure of data access by Facebook. In June, The New York Times reported Facebook had data-sharing partnerships with mobile device manufacturers Apple, Amazon, BlackBerry, Microsoft, and Samsung as well as the Chinese device manufacturers Huawei, Lenovo, Oppo, and TCL.

The question then becomes what do these firms do with this PII, who do they share it with, and what level of control does Facebook have once the data is no longer in its hands? 

In its recently announced quarterly earnings report, the company reported slower growth and said it will be spending in excess of USD 1 billion to improve its privacy and security. The stock dropped by 20 percent. Moreover, the firm stated that it anticipates the rate of its rising support costs to exceed its revenue growth by next year – not to mention the lawsuits. One can only conclude privacy has an impact on customer loyalty and the costs associated with safeguarding customer PII.

PII Must Be Protected 

The Facebook saga is a lesson for all companies, and it is complicated by the implementation of the European Union’s General Data Protection Regulation (GDPR). Companies affected by GDPR that fail to meet its privacy requirements could be hit with a penalty of up to four percent of annual global revenues. Personal privacy is no longer a “nice to have” but a business and regulatory requirement. And it won’t be cheap to implement.

To address the PII requirements companies will need to put plans in place that tackle the following elements:

  • Ensuring consent to use data for each process is obtained and documented
  • The ability for data classification and mapping so that the firm can truly know where the PII exists, how it is used, and by whom (applications and users)
  • Establishment of proper access controls 
  • Tagging and data life cycle tracking of all PII data
  • Logging of PII events (and providing alerts for potential exposures)
  • Encryption of all PII data in transit and at rest
  • Breach and notification reporting
  • The ability to acknowledge the request for and removal of data when consent is withdrawn (“right to be forgotten”)
  • The ability to know where data has been transferred and control its use
  • The establishment of data protection certification for the company and all third parties that are in possession of PII data obtained by the company


The privacy stakes have risen significantly since the Facebook breaches and the GDPR “go live” date, and people are now more wary and less trusting of corporations.

On the other hand, there is a digital business transformation occurring, which is causing more and more transactions to be done electronically from smartphones and other user-friendly devices. Thus, companies must be able to participate in the digital economy while simultaneously adhering to the privacy requirements as demanded by individuals and governments.

Small business owners and IT executives must create and execute a plan that enables them to be competitive in the digital world while satisfying PII requirements – or alternatively, executives will have to gird themselves for potentially dealing with a materially significant risk exposure.  
