Today industry leaders, governments, parliaments, national data protection bodies and other actors come together to raise awareness about the importance of personal and agency-wide data protection.
January 28 marks the anniversary of the first legally binding international law in the field of data protection – the Council of Europe’s Convention 108. Since this time, Data Protection Day is celebrated globally and aims to raise awareness about good data practice within the field.
In the digital era, data protection issues touch all aspects of our daily lives, from work and retail, to travelling, surfing the internet, and healthcare to name but a few. However, more needs to be done before society fully gets to grips with fundamental data privacy principles, and many citizens remain unaware of their rights.
Thus the aim of Data Protection Day is to inform and educate the wider public about their day-to-day data rights and provide data protection professionals opportunities to interact with us, the data subjects.
To mark Data Protection Day, the Committee of the Council of Europe’s data protection treaty “Convention 108” has published “Guidelines on Artificial Intelligence and Data Protection.”
European Commission First Vice-President Frans Timmermans, Vice-President Andrus Ansip and Commissioners Věra Jourová and Mariya Gabriel said in a statement:
“This year Data Protection Day comes eight months after the entry into application of the General Data Protection Regulation on 25 May 2018. We are proud to have the strongest and most modern data protection rules in the world, which are becoming a global standard.
With today’s cyber threats becoming more sophisticated, targeted and elaborate than in the past, it is important that businesses ask themselves what more they could be doing to protect their customer and employee data.
Adenike Cosgrove, cybersecurity strategist, international, Proofpoint said:
“Data Privacy Day provides an important opportunity for organisations to take a step back and consider whether they really are doing enough to keep their customers’ data secure in the face of today’s threats. While data protection regulations such as the EU GDPR have helped start conversations and forced organisations to think differently about how to keep data secure, this is just the starting point. Just because a business complies with a regulation, that does not necessarily mean it is doing everything it can to protect its customers’ personal data. For example, under the GDPR, the integrity and confidentiality principle states that organisations must implement ‘adequate security controls’ to safeguard personal data. Critically however, the regulation does not define what ‘adequate’ really means.
“An organisation could argue that their implementation of basic anti-virus protection and once-yearly data protection training for staff is ‘adequate’ – this may technically be regulatorily compliant, but is it really enough to keep consumers’ personal data safe from malicious attacks and data breaches? Today’s cyber threat landscape has changed dramatically, with malicious actors favouring sophisticated, targeted attacks which rely on social engineering to capitalise on human vulnerabilities. ‘Adequate’ security simply isn’t enough. Defending against such threats requires an equally sophisticated strategy for the ongoing security of people, processes and technology.”
Colin Truran, principal technology strategist at Quest Software:
“Data Privacy Day acts as a stark reminder for businesses to reassess their data protection strategies, but we need to continue making this part of our everyday conversation. While we are making great strides towards this, businesses still need to move away from viewing data privacy as a simple check box exercise and consider the ethical responsibility. Legislation such as GDPR and the role of the ICO are pushing this mandate to the forefront and holding organisations accountable. It’s early days, but the foundations are starting to be laid and businesses need to start considering the impact of their actions. This will be another watershed moment, and one they may fall victim to, if unprepared.”