Every so often — rarely, even — there is a moment that sits right at the centre of an overlapping Venn diagram of culture, politics, media and business. This week we’re seeing the unfolding of just such a moment, with new revelations every day (every hour, practically) on the Cambridge Analytica saga.

In a nutshell, it’s a fast-evolving tale of how an analytics company allegedly harvested data from 50 million Facebook profiles for “academic research” after paying 320,000 users to fill in an online quiz accessed through Facebook, and then scraping data from all their friends while they were at it.

The firm then apparently created algorithms to work out who was vulnerable to ads that might sway their political leanings, and targeted them precisely with messages that may or may not have influenced the US election. At the time the company was owned by hedge fund billionaire Robert Mercer and the program was reportedly headed by key Trump advisor Steve Bannon. The current CEO, Alexander Nix, was suspended on Tuesday.

It’s a huge story, and not just for the digitally- or politically-savvy minority sipping their flat whites in a social media bubble, precisely because it has the potential to affect all of us, everywhere.

As consumers and individuals, our lives — our preferences, passions and prejudices — are encapsulated in many terabytes of data, out there in the cloud: from our Amazon purchase history, to what we like on Facebook and Instagram, to our opinions on Twitter, to who our friends, family and associates are, to what we search for on Google and what we yell at Alexa.

We give our data away daily with barely a second thought. We hate endless passwords so we lazily log in to completely unknown sites and apps via Facebook (so convenient!). Hardly any of us use adequate digital security and privacy protocols.

At the same time, this abundance of personal data has been a boon for businesses and brands, who use it not only to identify, understand and reach their audiences on digital and social platforms in ever-more sophisticated, targeted ways (we all hate spam, so this is no bad thing per se), but also to inform their messaging and creative content.

Name an award-winning PR campaign over the past couple of years that does not boast of being based on “data-driven insights”, and which has not then yielded higher levels of measurable engagement and even bottom-line results for clients.

The implications for global politics are, at best, that attempted manipulation of elections and referendums through cyber-propaganda is possible and has probably been happening around the world since at least 2014, when Cambridge Analytica whistleblower Chris Wylie says Facebook data started being pulled.

At worst, democracy — particularly political debate based on facts rather than emotion — is dead. The days of the “hanging chads” scandal after the George W. Bush 2000 US election, when punch-card ballot machines in the swing state of Florida were allegedly tampered with, now seem terribly innocent.

As for social media, this episode is another serious dent in the reputation of beleaguered Facebook, which was still grappling with how to handle and respond to Russia’s activity on the platform when the Cambridge Analytica story broke, and whose UK policy director Simon Milner had only last month told a parliamentary enquiry on fake news that the analytics company did not have or use Facebook data. Mark Zuckerberg has now been summoned to give evidence in person.

For a platform that encourages oversharing, Facebook itself is not exactly looking radically transparent, nor fully in control or protective of the data it so greedily collects.

After Facebook’s share price plummeted, Zuckerberg finally broke his days of silence on Thursday in a Facebook post to acknowledge that there had been “a breach of trust” between Facebook and its users. In a later interview with CNN he apologised for the incident, pledged Facebook would crack down on rogue apps, and said he was open to the idea of regulation. "I'm not sure we shouldn't be regulated," he said. "There are things like ad transparency regulation that I would love to see."

As an aside, it’s worth noting that this, the biggest social media-related scandal yet, was uncovered by the Guardian and Observer sister newspapers, along with Channel 4’s news team: three established pillars of the UK media.

Breaking stories like this (after a year of old-school investigative journalism) demonstrates why, according to Edelman’s 2018 Trust Barometer, trust in traditional media is up this year for the first time in the report’s 18-year history, while trust in social media has shrunk.

So what does all this mean for communications professionals? How does the industry maintain a balance between precision targeting in digital marketing strategy and activity, and avoiding misuse of data or even falling foul of the law?

At what point on the awareness-persuasion-manipulation continuum is the line crossed, where use of data is concerned?

It’s a fundamental question for an industry which now has a digital thread running through almost every aspect of its work, and it can be boiled down to two main elements. The first is practical, and relatively straightforward: housekeeping around agencies’ and brands’ use of personal data in PR campaigns.

The Facebook data breach is in some ways timely; if comms professionals across the world are not already on top of preparation for the EU’s General Data Protection Regulation (GDPR), which takes effect from 25 May this year, this will certainly put it front of mind.

GDPR may be European legislation, but it will apply globally: any company around the world that holds any data on EU citizens for targeting or monitoring purposes will be required to adhere to the new regulations. The US has required all companies to notify when there has been a data breach since 2003, but PWC is now strongly advising all US-based companies to go much further and comply with GDPR.

While populist governments focus on stronger borders, business isn’t going to stop being global, and so GDPR looks set to become the benchmark for responsible data use around the world.

The requirements of the new legislation are to have good IT and internal security measures in place; keep records of data processing; have a data protection policy covering what data is held, what is done with it, and how requests to change or delete data are handled; and ensure suppliers and sub-contractors are sticking to the policy and procedures.

Commercial law firm Lewis Silkin has prepared a note for PR professionals on becoming data protection-ready as so-called “data processors”. Essentially, it’s common-sense transparency and security, albeit requiring thought and time to implement, and with financial penalties for non-compliance.

The second strand is a more complex and intangible soup of trust, reputation, morals and ethics. As consumers, we may be partially reassured by GDPR compliance, but, post-Cambridge Analytica, will we ever really trust companies that hold our data again?

How can brands and agencies demonstrate that they are not only required to, but want to do the right thing when it comes to using data? That they are using personal information to understand their audiences better and engage the right people at the right time in the right ways, as a tool for good, not for ill?

The answer may lie in another timely juxtaposition: The Future Laboratory has just released its latest tranche of trends research, which it has called The Moral Uprising. This is packed with surprisingly optimistic predictions about how brands will, and must, operate with a renewed and reinforced moral compass to survive and thrive.

In this “move fast and break things” digital world, where technology is evolving at breakneck speed and is becoming ever-more-tightly woven into the fabric of our lives, consumers are demanding new ethical frameworks from the brands they have increasingly intimate relationships with, just as brands are demanding higher standards of ethics from their communications consultancy partners.

“Purpose” may be the buzzword of the moment, but we’re only going to see more of it as younger Gen Z consumers, in particular, demand that businesses in all sectors operate with an open heart and soul, as well as a profit motive.

Presenting the report at a Bite Global event this week, trends forecaster Ruth Marshall-Johnson said: “Data hacking has forced consumers to face security worries every day. Brands must take the lead in creating a safer, more secure world for people globally, redress the consequences of reckless innovation, lead the privacy reset, and be an ethical gatekeeper for your industry and sector.”

And she told the Holmes Report that she believed the Cambridge Analytica scandal could be a “tipping point” to accelerating the emerging favourable types of brand behaviour outlined in the research.

This story is likely to run and run; brands, their communications advisors and the wider world are watching and waiting to see what else emerges in the fallout before assessing casualties, survivors, and future strategy beyond regulatory compliance.

In the meantime, it’s probably a good idea to avoid Facebook quizzes.