Data Privacy Day (known in Europe as Data Protection Day) is an international event that occurs every year on the 28th of January. The purpose of the day is to raise awareness about how businesses and individuals can promote the implementation of privacy and data protection best practices.
With our Europe Data Threat Report revealing in 2020 that European organisations have a false sense of security when it comes to protecting themselves from data breaches, and with GDPR regulators set to get tougher on compliance, it is important to continue the dialogue surrounding data protection so that individuals feel empowered to take action to protect their valuable data.
2020: An era of change for Data Protection
Although protecting personal data is something many enterprises consider carefully, and want to do well at, it’s not always easy. We know that the turbulent events of 2020, for example, created numerous challenges and gaps with regard to data protection, which must be remedied in 2021. This is because so many of our day-to-day interactions with services like banking and healthcare, which were once largely handled through face-to-face discussions, have rapidly become digital with the onset of the coronavirus pandemic.
With companies having to quickly migrate their operations online to keep disruption for their customers to a minimum, data privacy practices were, understandably, often more of an afterthought. The extent of this transformation was significant. Globally, about 55 percent of products and/or services were fully or partially digitised as of July 2020, compared to 35 percent in December 2019.
At the same time, consumers are being asked to submit more and more of their personal data into digital services. Whether this is for contact tracing apps or teleworking practices, we are being forced to rely on our devices like never before to keep us connected. While it’s been great to continue having access to these services, with more data being stored on servers or in the cloud, it is essential that businesses make sure it is secured to the highest standards. Without these practices being put into place we are likely to see more data breaches in the future, which will only result in citizens not trusting companies with this data in the first place.
How businesses can ‘own their own privacy’
For businesses to comply with data protection practices, they first need to understand exactly what the law requires of them in the countries they operate in. Keeping up to date with any changes in legislation is important to avoid fines and the reputation loss that comes with a data breach. While many of us have heard of the biggest data protection acts like GDPR and LGPD, a much smaller group of people are likely to know what implications new acts, such as Schrems II (which invalidates the EU–U.S. Privacy Shield), will have on their business.
Once the scope of compliance needed by a business has been established, it is then important for businesses to review whether their data collection practices are just and fair to their customers. It is easy to ask customers to input a variety of data into a system. However, by making sure only the most relevant and legitimate data will be processed, the right security provisions can be put in place for a smaller data set, reducing the costs and risks associated with a larger attack surface.
What’s more, with over 79% of U.S. adults concerned with the way their data is being used by companies, collecting only the data deemed essential is a great way to respect consumers’ privacy and is a smart strategy for inspiring trust and enhancing the reputation of a business.
Finally, businesses need to understand exactly what practices they can put in place to take responsibility for the data privacy of their customers. Some of these measures are relatively simple and straightforward to implement and keep up to date, protecting businesses from easily preventable breaches. For example, ensuring that multi-factor authentication and access controls are enabled and working on computers and devices, and that employees have been educated on how to handle personal data, makes it less likely that the data will be taken and misused. If needed, more advanced solutions like encryption and tokenisation can also be deployed to keep the most sensitive data secure throughout its lifecycle.
Ultimately, the regulation around data protection has undergone major reform in the past few years, a trend that looks set to continue across the world. Although it may seem difficult to stay one step ahead of the legislation, understanding how your company collects and uses personal data is an essential part of protecting yourself from getting caught in the middle of a data breach. While 2020 may have been a year of unexpected turbulence for firms going digital for the first time, if implementing and maintaining data privacy protections is not considered a significant priority for your business this year, there could be huge financial and reputational consequences in the future.