Facebook reveals privacy principles

With so little time until the implementation of GDPR, companies are rushing to get their house in order. With fines of up to €20 million or 4% of annual turnover for non-compliance, the bigger the business the bigger the risk. So when it comes to social media giant Facebook, with an annual turnover in excess of $3 billion, we’re pleased to see that it’s taking active steps to prepare for the impact of the new laws.

The company will be showing users how to manage the data that Facebook uses to show them ads, how to delete old posts, and what happens to their data if they delete their account. Whilst the company has always had a set of privacy principles, which are its rules on how Facebook handles users’ information, it’s only now that they’re being published.

The GDPR, which comes into effect on 25 May, marks the biggest overhaul of personal data privacy rules in the history of the internet. The GDPR places much stricter requirements on the data manager, such as the requirement to allow customers to export their data and delete it, and having to report data breaches within 72 hours.

Erin Egan, chief privacy officer at Facebook, wrote in a blog post that “we recognise that people use Facebook to connect, but not everyone wants to share everything with everyone – including with us. It’s important that you have choices when it comes to how your data is used.”

Last week Facebook’s chief operating officer, Sheryl Sandberg, announced that the company would be creating a new privacy centre that would place all their settings in one place.

Facebook has come under attack in the past from EU regulators over its use of personal data and tracking of online activities. The company’s publication of its privacy principles marks a big improvement in its attitude towards how personal data should be managed, particularly because it’s now educating its users too.

We know that, when it comes to preparing for the GDPR, big businesses such as Facebook probably won’t struggle to afford the best compliance advice. And we appreciate that isn’t always the case for most companies, particularly start-ups and small businesses. That’s why having an expert team on your side makes all the difference. Expert advice from the new ‘GDPR Advisory Board’ is available, and will help the unprepared with the compliance process. You can also take a look at our blog for plain-English guides, like how to write a GDPR compliance white paper and simple steps for getting ready for GDPR.