Happy International Data Protection Day! Today, Thursday 28th January, is dedicated to promoting awareness of personal privacy and effective data protection practice. The event celebrates the 35th anniversary of the signing of the Council of Europe treaty; Convention 108, on 28th January 1981- the first legally binding international treaty on privacy and data protection.
Data Protection Day was inaugurated a decade ago to highlight the groundbreaking work that the EU has carried out to ensure that the protection of personal data is safeguarded as a fundamental human right. Much of the world, including the US, has since followed Europe's lead, particularly owing to recent developments in privacy concerns. The day is now called ‘Data Privacy Day’ outside of the EU, and the focus has now shifted to individuals and companies being encouraged to proactively keep data secure, rather than citizens' privacy merely being protected by legislative control and enforcement.
Data Protection Day this year has taken a special significance, because the European Parliament is set to vote during the next few weeks on an update of the 21 year old law that protects EU citizens' data; Directive 95/46/EC. The new law, the General Data Protection Regulation, will impose one comprehensive set of rules and guidelines across the entire EU and will harmonise procedural practice regarding data protection. Moreover, for the first time, any organisation that breaches data protection law will be subject to punitive sanctions with possible fines of up to 4% of a company's global revenue set to be incurred.
In recent years, data theft has become one of the world’s most prevalent crimes with billions lost each year through credit card fraud, identity theft and scams. Also, increasing quantities of data mean that employees in organisations often have control over enormous amounts of information without realising the consequences of the slightest error or technology failure. Human error, of course, always happens, and the inevitable consequences often lead to headline news and severely damaged corporate reputations.
Data Protection Day is a good time for your organisation to take stock of measures and processes in place to ensure that you are doing enough to safeguard all personal data under your control. For example, having a comprehensive training program in place is one of several essential requirements for meeting the expectations of your clients, employees and the general public. Another key area relates to how data under your organisation’s control has a life cycle from creation to use and eventually, destruction. Each stage of this cycle poses inherent privacy and security risks and must be managed accordingly.
For further information and assistance in this ever-increasingly important area, please feel free to contact us at PrivacyEngine. Data protection-related issues are our specialty and we welcome the opportunity to assist in any way we can.