I bet you never thought taking one of those innocuous Facebook quizzes would lead to the election of Donald Trump?

The social network has now admitted that up to 87 million people may have been affected by the Cambridge Analytica data harvesting scandal, which saw quiz apps scrape data from Facebook profiles to inform a number of controversial political campaigns, including Trump’s.

Trust has been damaged, in some cases irreversibly. Facebook is a personal place – your mother takes those quizzes, so does your nephew. They just wanted to find out which Tom Hanks character best describes them, or what kind of driver they are: not to influence an election.

#deletefacebook has since flooded social media feeds, and, in the wake, a study found that of the 93% of Brits that were aware of the Cambridge Analytica scandal, 5% have left Facebook and 6% say they intend to.

Trust in the Facebook community

As a platform, Facebook the concept is great. In theory, the platform offers a fair exchange: it gets your data and uses it to deliver targeted adverts, you get to use Facebook to communicate and keep up with your friends and family. Despite the countless examples of individuals who have seen wedding adverts minutes after proposing or seeing adverts for cat food after chatting about their neighbour’s cat, we keep using Facebook and other data collecting apps.

Businesses have been facing a continuous struggle with consumers’ perception of data. Even in 2016, a report by Edelman and The University of Cambridge Psychometrics Centre found that 71% of people across the world believed that brands with access to their personal data were using it unethically.

But this is much darker—cat food is not the Kremlin. The fury over Cambridge Analytica is driven by a sense of disbelief, that people may not only have accessed our most personal thoughts and opinions, but used them against us.

Avoiding data bad practice

The social network’s CTO, Mike Schroepfer said last week “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.” Facebook, with its Silicon Valley swagger, has made the mistake of underestimating 3rd parties—a mistake that has cost other organisations dearly. In the last few years, we’ve seen poor practice and subsequent data breaches devastate businesses—from TalkTalk, which faced significant reputational damage and lost 101,000 customers, to Yahoo, which had to stump up $350m to solve the problem.

It’s not just Facebook that is at risk from the Cambridge Analytica scandal: it’s everyone. After years of hacks, leaks, and now this, we are facing a crisis in confidence. Consumers are looking at how they share their data with a more sceptical lens.

As businesses, we all need to employ a greater transparency that gives consumers control and understanding of the value of their data. If personal data had been sought by Cambridge Analytica with full disclosure as to the purpose for its collection and subsequent use, the dramatic headlines that followed could have been avoided. We may even have had a different out-turn in the 2016 US election.

The opportunity to build back trust, however, is fast approaching. GDPR – which comes into force on 25th May – should be used as an excuse to kick-start something new: to sing out with honesty and transparency about data intentions, to have a holistic strategy and approach to customer data that transcends individual systems, which is easily auditable.

Under GDPR, every organisation that captures customer data must be transparent on the purpose, take appropriate steps to safeguard that data and ensure it is not shared beyond the parameters the customer has knowingly agreed to or is aware of.

For too long there has been a huge emphasis on consumers reading the small print and taking proactive steps to protect themselves. Thanks to GDPR, accountability will shift back to the organisations collecting, storing and using people’s data.

We’re heading to a future where individuals will be able to manage their own data, seeing exactly where and why it is being held, and how it is being used. Clear user interfaces let individuals update their information in real-time and decide how they want to engage with prospective data controllers. The benefit for businesses is that this means customer care teams spend less time sorting permissions and resolving complaints, whilst marketing are speaking to people who want to engage or at least know what is coming.

In the short term, customers will vote with their clicks and swipes about where they feel comfortable leaving their digital footprint. Where organisations are seen to use people’s data respectfully, with permission, in ways that provide tangible benefits to an individual, they are much more likely to opt in.

By J Cromack, co-founder, MyLife Digital