The EU's Information Commissioner’s Office (ICO) is taking steps to show that it will seriously enforce GDPR provisions. The ICO fined Facebook $661,000 for data violations related to the Cambridge Analytica scandal. Sure, that number seems paltry, but Facebook could have been fined up to $1.6 billion. GDPR violations can max out at 4% of a company’s annual global turnover.
Despite the GDPR being an EU regulation, any company with a global touch point can be impacted because the internet is borderless. Health and financial industries have traditionally been considered higher risk for regulation. However, the ICO’s move to fine Facebook signals that so-called "platforms" are also at risk. What this means for private enterprise is that companies like advertising agencies and ad serving platforms are also vulnerable, given the massive amount of personal data they handle.
Global marketing agencies should now consider themselves officially on notice.
Global marketing agencies are no longer the Mad Men creative firms of yesteryear. With the advent of digital advertising, agencies have built or are acquiring database companies to better target advertising. One of the growing pains is that agencies now hold Personally Identifiable Information (PII) but aren't used to protecting it in the way regulated agencies are. These are the easiest ways an agency can be caught out by GDPR:
- Human Error - What happens if a client sends their agency a customer data file? Most agencies have PII protocols in place, but if a client sends the data through an unsecured channel, it's already out in the wild.
- Phishing - Cyber attackers can target employees who have access to customer data. If they gain password access, then they gain access to where customer data is being stored.
- Collaboration networks - The leading marketing agencies have a global presence. Offices are using collaboration channels, like Slack, to work more efficiently. But these new channels also provide opportunities for employees to inadvertently mishandle data or fall victim to malicious content, like malware links.
Marketing agencies' reliance on customer data will continue to increase as dollars continue flowing into digital media. This data is now critical to agency revenue models, and while agencies are protecting that data inside their networks, they need to look for ways to address vulnerabilities outside the firewall.
SafeGuard Cyber helps manage all risks across the digital ecosystem. If your business model relies on handling customer data, we can help reduce your GDPR exposure.
Contact us for a demo to hear more about how we can help you proactively detect and protect against new digital threats.