There are two key lessons from the Facebook-Analytica breach for all businesses: security and access rights, as well as compliance and GDPR. Do the right people have access to the right things? And if the breaches had affected EU users would Facebook have been able to notify users within the required 24- and 72-hour windows?