2016 saw many high-profile data breaches, from Yahoo to Tesco Bank. Are companies taking data protection seriously enough? Data Protection Day (DPD) is tasked not only with raising awareness of the subject, but also with promoting best practices. 49 countries observe DPD and some of the world’s largest organisations, such as Intel and Microsoft, have been involved in supporting the initiative.
With the aforementioned data breaches and the upcoming changes to the EU data protection laws, the subject has never been more relevant. Over half a billion personal information records were stolen or lost in 2015, with a number of organisations not even reporting the full extent of data breaches. It’s estimated that 46 records are stolen every second! But how can we make sure that we aren’t exposed to a data breach or failing to comply with EU data protection law?
Data collection – Ensure you either have unambiguous consent or your need for the data meets one of the acceptable criteria (legal, contract, protecting interest, etc.).
Data use – There must be no secret or creeping purposes, and the data cannot be abused. It can only be used for the intended purpose that was disclosed. Organisations must be held to account on their usage of the data.
Protection practices – Data must be processed fairly and lawfully, including how it is obtained, managed and processed.
The General Data Protection Regulation has been in place for 8 months; luckily, there is a two-year transition period. If you’re not adhering to these new rules by 25 May 2018, you’ll be liable for a large fine! These are the new rules you need to be aware of:
To minimise the risk of a data breach, implement the following steps:
You can find more information on Data Protection here.