28 Jan Data Privacy Day – top tips for organisations and individuals
Today is Data Protection Day, also known as Data Privacy Day.
Every year around the world organisations, like us, share a united goal to raise awareness about the importance of respecting privacy and safeguarding data.
Why do we need a data privacy or data protection day?
Data Privacy Day is here to remind everyone of the vital importance of personal data protection in the modern world. It raises awareness not only about the risks but also one’s rights to personal data protection and privacy.
In recent years we’ve seen advanced development in technology with many living and working in a digital age, where things like talking to someone or getting our shopping done are now online.
Recent forced changes to remote working as the pandemic spread globally have only accelerated the inevitable shift in our working patterns. This in turn has increased our reliance on technology, and data protection considerations should be at the forefront of any business management team’s operations.
The day itself is significant as it commemorates the day when the first Council of Europe’s data protection convention “Convention 108” was opened for signature in 1981.
How do I protect my organisation?
- Be compliant! As data protection experts, we can’t stress this enough.
Since being introduced in 2018, GDPR has had a worldwide impact on all organisations offering goods or services to individuals in the EEA and UK, or monitoring their behaviour through e.g. targeted advertising or data ‘profiling’, and holding or processing their data for those purposes. Based on these criteria, not only companies based outside of the EEA and UK, but also organisations in the USA, Australia, India and other countries need to comply with obligations imposed by this data protection legislation.
If your business does not have offices or branches in the European Economic Area (EEA) and you are offering goods or services to individuals in the EEA, or monitoring their behaviour as mentioned above, you need to have an ‘EU Representative’ in place to act as a direct contact for the individuals whose data your business is processing, and also for data protection supervisory authorities in the EEA.
It is sometimes called the ‘hidden’ obligation and compliance is vital as the fines for infringement of GDPR can amount to €20 million or 4% of an organisation’s annual global turnover, whichever is higher. Supervisory authorities also have the power to suspend or prohibit data processing activities altogether.
We offer a free self-assessment to see if you need to appoint an EU Representative which you can take here.
UK ‘Applied GDPR’ obligations came into effect on 1 January 2021 to coincide with the end of the transition period for the UK officially leaving the EU. The UK Applied GDPR together with the amended version of the Data Protection Act 2018 creates a data protection framework. The key principles, rights and obligations remain the same, as do the possible fines for a data breach, which can amount to £17.5 million or 4% of an organisation’s annual global turnover, whichever is higher.
Brexit also means that businesses which are not established in the UK but which are offering goods or services to individuals in the UK, or monitoring their behaviour, should have appointed a ‘UK Representative’ as of 1 January 2021.
If you think you need a UK representative you can take our free self-assessment here.
- Have a data security policy for your staff and train them on it: We cannot stress enough the importance of being prepared for a potential hack to lessen the risk of theft of data and ongoing damage to the business. Have a policy in place and ensure that staff know what to do.
- Keep company systems and software up-to-date to help keep data safe: Software updates together with encryption of confidential information and the creation of strong passwords should be standard company policy.
- Prioritise data backup: Make sure that you have a strong data backup in place to lessen the risk of data loss.
- Conduct an audit of data security risks: Review your organisation’s processes when it comes to data by conducting a data audit (a road map of how data is managed in and outside of your organisation to help identify any risks or weaknesses).
How do I keep my personal data safe?
Let’s celebrate Data Protection Day with these five easy steps:
- Keep your phone and other devices up-to-date – Take a minute to update your phone, tablet or laptop and make this a habit.
- Give your passwords a refresh today (when, if not on Data Protection Day!) – We would strongly advise you to make it more than an annual habit, and don’t fall into the trap of using a password twice. We know it’s difficult as many webpages and providers require you to use a combination of numbers, letters… and the list goes on. Try to use a reputable password manager app.
- Use anti-virus protection and firewalls – There are numerous providers who offer free basic versions. Try it out and see if you need more protection.
- Don’t use public wi-fi without a VPN – If you cannot avoid use of public wi-fi be sure your device is protected by using a VPN. A VPN is a virtual private network that establishes a secure and encrypted connection to provide greater data protection. There are numerous providers – be sure to choose a reputable one.
We trust this article has brought to light some very important data protection considerations for organisations and individuals. If your organisation is in need of GDPR support, training or EU representative or UK representative services to comply with your data protection obligations, please get in contact with us. Our data protection experts offer businesses a free no-obligation consultation.
Our professionals are members of The International Association of Privacy Professionals, the largest and most comprehensive global information privacy community that helps define, promote and improve the privacy profession globally. We are also linked to our sister law firm, Willans LLP.