What is Data Protection Day?
In 2006, the Council of Europe launched European Data Protection Day, to be celebrated each year on 28 January. The date marks the anniversary of the Council of Europe’s ‘Convention 108’ on the protection of personal information – the first legally binding international law on data protection, which was opened for signature in 1981.
The initiative was soon accepted by other countries, and outside of Europe Data Protection Day is now recognized as Data Privacy Day. Although this brings some confusion, the two terms are often used interchangeably.
Nevertheless, Data Protection Day should be a day where companies, organizations, institutions, governments, and national data protection authorities raise awareness about the importance of privacy and data protection.
Data privacy concerns organizations as much as individuals, if not more so. The responsibility to demonstrate compliance always lies with the organization, which is accountable for the safety of personal data and can suffer consequences for mishandling it.
Why is Data Protection Day important?
As the landscape of global data protection initiatives constantly evolves, laws and regulations are creating an intricate web of rules and obligations for organizations.
That is why it is important to raise awareness, promote data protection best practices, and discuss important privacy-related topics to remind organizations, as well as individuals, why they should care about privacy.
Comprehensive privacy laws, like the General Data Protection Regulation (GDPR), impose strict data protection requirements, while new rulings and decisions frequently alter the understanding and perception of obligations and the application of laws.
All of that adds to the complexity of compliance. Data Protection Day is therefore also a chance to catch up with new developments in the data protection area.
How to celebrate Data Protection Day in your organization?
Use Data Protection Day as an opportunity to remind your coworkers about the importance of privacy, as well as refresh their knowledge about security measures, privacy practices, and their contribution to overall compliance in your company:
- Provide materials: Send useful privacy-related materials, blogs, podcasts, or videos through official communication channels to everyone in your organization.
- Organize a company event or webinar: Discuss the state of privacy in your organization and hold a short Q&A session to drill into the topic with your coworkers. They might have more questions than you think!
- Send out surveys: Compile a short survey about the state of privacy in your organization or a fun quiz to check general knowledge about privacy.
- Explain how employees can contribute to overall compliance: Remind coworkers about their privacy obligations as employees, list possible situations people in different departments (Marketing, HR, or Customer Service) could encounter, and create an action list for a possible situation.
- Remind everyone what the obligations of the privacy team are: Let everyone know what your privacy team is doing, explain your efforts, and emphasize the importance of the work that has been done so far.
Privacy resolutions for 2023
1. Invest in your team
Attain new knowledge through various training sessions, courses, or webinars. Consider the prerequisite knowledge for taking the course, learning outcomes, teaching style, content quality, and the expertise and professional reputation of the lecturers themselves. In addition to publicly available courses, get informed about tailor-made, in-house workshops provided by specialized experts for you and your privacy team. Read more: The value of personal data privacy certification [CIPP, CIPM, CIPT & CDPSE].
2. Raise awareness and educate
Promote privacy all year round in your organization. Build an educational program specific to each department that handles personal data. Human error is responsible for 82% of data breaches, and a lot of those breaches could be avoided easily if best security practices were put in place. So make sure to mention obvious measures and educate on phishing attacks, strong passwords, and social engineering, as well as how to recognize and respond to a data subject access request.
3. Reassess your privacy program and plan for the year(s) ahead
Your work is never done. Compliance is an ongoing process that needs to be revisited and reassessed. Ask yourself what the weakest link or biggest oversight in your privacy program is, assess the risks, determine requirements and goals, and implement your practices.
4. Discover your data
Discovering personal data is the first step in your compliance journey. You need to know where personal data is stored, who has access to it, what type of data is collected, whether there are any measures that need to be implemented, how long you need to keep the data, and more.
If you don’t know where your data is, it is impossible to respond to any of those requirements and protect personal data adequately. Innovative data discovery solutions can automatically classify all personal data spread throughout your organization, allowing you to build up-to-date records of processing activities, define different data categories, and classify sensitive personal data, but also enforce appropriate technical and organizational measures for each specific data set.
5. Methodology and technology
Research the selection of methodology and technology. Instead of defining new methods and frameworks, use those that have been tested and recommended by supervisory authorities and other professional organizations. If your organization’s needs require the use of sophisticated tools and publicly available templates are not good enough to meet your needs, opt for one of the advanced technical solutions. When choosing such a solution, consider the needs of the organization and the complexity of the operational function in implementing the privacy program.
- Training & Awareness: Promoting privacy within the organization – Find out where to start and what to focus on when preparing privacy-awareness training
- How to create support for your privacy program – Raise awareness of the importance of the privacy program, talk to key stakeholders, make allies, provide training and put yourself on the map
- 7 Ways To Train Employees On Cybersecurity – Training employees on cybersecurity best practices can make a big difference
How to protect your data online
Finally, although privacy is becoming more elusive with the new services and technologies we use in everyday life, as an individual you can still take measures to keep your data secure and protect your privacy:
- Ensure password security and use strong passwords with lowercase letters, uppercase letters, and symbols. 80% of data breaches are password-related.
- Use a Virtual Private Network (VPN) if possible
- Review your privacy settings on your mobile phone
- Use two-factor authentication
- Change privacy settings on your social media apps
- Know your rights, so you know what to do when your privacy is violated
You can read more about protecting your privacy on social media: “How to Protect Your Privacy on Social Media”