In this episode I visit with Jonathan Armstrong on the recent fine levied by British regulators against the insolvent institution Cambridge Analytica for violations of the British privacy law which was in place before GDPR went live. The case involved Cambridge Analytica denying aggrieved parties subject access requests and associated rights. Some of the issues and highlights are:

  1. The case demonstrates how not to interact with regulators as Cambridge Analytica’s pleadings were unnecessarily demeaning.
  2. The settlement with the company left open the possibility of criminal charges against individuals.
  3. How wide is the jurisdiction of the ICO? This case tested the limits.
  4. Always remember data subjects have rights.
  5. What are the key takeaways on the case?
  6. A vigorous defense of a civil action can lead to higher regulatory fines.
  7. What does a corporate regime change mean for regulatory enforcement?

For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.