How the GDPR inspired a new approach to email data protection
Did you know that the first Data Protection Day took place in Europe on the 28th of January in 2007? The chosen date was not a coincidence, as it was on the 28th of January in 1981 that the first internationally recognized data privacy and protection legislation, known as Convention 108, was signed into law by the Council of Europe.
North America, meanwhile, has been promoting a similar awareness day on January 28th since 2009, known there as Data Privacy Day. On both sides of the Atlantic Ocean, the aim is to help stimulate awareness while also educating on best practices for data protection in an ever-changing digital and regulatory landscape.
Data Protection in the digital age
Perceptions and attitudes towards what is considered publicly available information have shifted notably in recent decades. Many people who did not grow up as digital natives can remember a time when locating an individual’s home phone number or address was simply a matter of checking the locally printed telephone book. At the time, that form of personal information (name, telephone number and address) was essentially considered Public by Default instead of Privacy by Default. It was more of an opt-out system for data sharing as opposed to explicitly opt-in, which the General Data Protection Regulation (GDPR) was intentionally crafted to be. Conversely, the California Consumer Protection Act (CCPA) has been designed to be opt-out.
Many consumers have no idea what type of data their phone or energy company, for example, compiles on them. This typically also extends to how that information is being used, whether by the company itself or by any third parties the customer may or may not be aware of. Since the advent of the GDPR and now the CCPA, consumers and residents have more visibility and legal rights over how their own data is handled. Both these acts also serve to make organizations more transparent and accountable (at the risk of high fines and penalties) for the data they do collect, and especially what they do with it.
Data breaches are costly
In any given news cycle there are reports of organizations experiencing significant data breaches, potentially impacting thousands, if not millions, of people with just a few keystrokes. Here are just a few high-profile incidents in the news recently:
- In July 2019 there was a massive data breach incident related to the hotel chain Marriott International, exposing information of over 500 million customers, for which they were fined EUR 110 million under the GDPR (they are currently appealing the ruling).
- Last year the airline British Airways received an even higher fine of EUR 205 million under the GDPR for not properly protecting the personal information of its customers; they are also appealing the ruling.
The number of reported data breaches is on the rise; prevention is the key
According to a recent GDPR Data Breach Survey conducted by DLA Piper, more than 160,000 data breaches have already been reported to the respective EU member state authorities since the introduction of GDPR in May 2018. The countries with the highest number of breaches (largely due to their reporting systems) include the Netherlands, Germany, the United Kingdom and Ireland. Altogether that works out to be an average of over 300 data breaches reported to the regulators every single day. Beneath the headlines, however, is the fact that most of the data leaks reported to authorities under the GDPR have actually resulted from human error, and not an external threat.
People will occasionally make mistakes, and staff play an integral role in minimizing the likelihood of data leaks occurring. While it is recommended to equip them with secure communication tools designed to prevent human error, such as ZIVVER, they also need to be empowered to help safeguard data within an organization, and awareness is the first step.
Developing a culture of awareness
At ZIVVER, we believe every day should be Data Protection Day; it is in our DNA. We recently posted some tips to help organizations instil a heightened sense of awareness among staff throughout the entire year. Treating every day like it is Data Protection Day can help colleagues develop a stronger sense of security awareness, with an aim of protecting data on each of the 365 days of the year, long after any #DataProtectionDay or #DataPrivacyDay social posts have disappeared from their news feed.