Online is here to stay, but unethical use of personal data has to go

The growth of online has been a boon to business but has also led to a proliferation of unethical practices. Love or hate GDPR, it couldn’t come in too soon.

Before stepping down as CEO of advertising group WPP this month, Martin Sorrell made headlines when he blamed technology for the advertising giant’s worst stock drop since 1999, but the real reasons were all to do with his traditional agency model. ‘Traditional’ meant (still means for some) planning campaigns months in advance; now marketing is integrated across diverse platforms and devices to targeted audiences, all in real time. It’s the agencies that can react quickly and keep their brands on the forefront of culture that will thrive.

And, speaking of keeping brands at the forefront of culture, who else could be questioned by a US congressional committee for two whole days, after the Cambridge Analytica exposé, and see Facebook shares make their biggest gain in almost two years? Yes, Mark Zuckerberg’s Facebook is unstoppable; other companies might well have gone to the wall. However, the fact remains that 50 million people whose data was harvested did not give their consent for the company to use it. Astonishingly, Facebook had been aware of Cambridge Analytica’s improper collection of user data since 2015, yet did nothing to notify the users who had been affected. Actions like these only strengthen the case for GDPR.

But when you look into the real world of small to medium-sized enterprises (SMEs) and online, our world, the growth of online scams seems equally unstoppable. This month a study carried out by YouGov, on behalf of Barclays, found that 44 per cent of SMEs have been targeted by fraudsters and 23 per cent of those targeted have fallen victim to fraud. The average cost is almost £35,000, with most firms having to cover the cost themselves. Former England footballer Sol Campbell, and no stranger to the world of business, runs a bespoke furniture business, FBC London, alongside wife, and was a victim of cyber-crime. The fraudster targeted a new personal assistant who had only been working for the pair for a week and clicked on a phishing e-mail link. And you know where that leads.

But scams aren’t always that easy to identify. Often fraudsters will impersonate suppliers or staff, even the CEO, tricking firms into giving out private information or making unauthorised payments and only half of businesses report the crime to police, so the size of the problem is likely be much greater. Firewalls can only do so much, staff need to be informed, aware and ever-vigilant, because cyber-crime is a growth industry and not even the upcoming General Data Protection Regulation is going to help in that regard.

For most of us the power of online is nothing but helpful. Everything happens faster, we can be more targeted, there’s always an audit trail and keeping in touch, wherever you are in the world, has never been easier. But the Cambridge Analytica story has brought the security of our personal information into sharp relief, and GDPR is the first step in clamping down on those companies who have been treating our data as theirs.