What is Data Protection Day?
Data Protection Day has been held annually in Europe since 2007 to reinforce awareness of data privacy best practices and the safeguards organisations should have in place. It is a regular reminder for organisations to review the data management and security solutions they have in place.
Data Privacy & Personal Data—Who is Responsible?
Data privacy is the correct handling of personal data in compliance with GDPR (General Data Protection Regulation). Personal data is any information that relates to an identified or identifiable individual, either directly or indirectly. Not only does personal data include particulars such as name, address, credit card numbers, medical records, etc., but it also includes details people may be less aware of, such as IP address, cookies, phone location data, and other online identifiers.
Personal data and sensitive information are entrusted to companies and institutions every day. Professional organisations have a legal and moral responsibility to respect the data that has been given to them and to handle it in accordance with GDPR. This means all data must legally be treated as private and cannot be shared without the data subject’s consent.
When personal data is lost, destroyed, corrupted or disclosed, it is considered a data breach. In accordance with GDPR, all qualifying breaches in the UK must be reported to the ICO (Information Commissioner’s Office) within 72 hours. While some breaches will have little or no impact and may not even need to be reported (such as the accidental deletion of client information which is later retrieved from the server), more serious breaches come with greater implications.
We are all aware of big companies being hit with non-compliance fines, but the financial impact doesn’t end there. Many organisations suffer further financial losses through legal fees, operational downtime, and lost business opportunities due to damaged reputation. But, of course, it’s not just organisations that are affected by data breaches. We need to consider the individuals whose data is the subject of the infringements. The consequences of cybercrime, such as identity theft and credit card fraud, can be incredibly damaging and difficult to recover from.
Ensuring Your Organisation is GDPR Compliant
Public authorities and companies dealing with data on a large scale must have a designated data protection officer (DPO) to ensure they maintain GDPR compliance. Organisations that do not require a DPO usually employ data management software such as Deepeo, which works by scanning databases and deleting any information that there is no longer a business or legal reason to retain, as per GDPR requirements.
Hopefully the message behind Data Protection Day will prompt organisations to review their data privacy practices and ensure they have the right safeguards in place.