Data Protection Day: Four steps to handle privacy
In 2007, the Council of Europe, with the support of the European Commission, created Data Protection Day. The date of 28 January was chosen for this purpose. This day was not picked at random, as the first Data Protection Treaty was signed on 28 January 1981.
The purpose of Data Protection Day is to raise awareness and promote privacy and data protection best practices.
Why is privacy important?
Privacy is a fundamental right. A condition to be free in who you are and what you do.
Privacy is about people controlling their own data. For example, how would you like it if one photo of you as a drunken teenager influenced your job options forever?
It’s all about controlling your own personal data!
What happened since the last Data Protection Day?
In one year’s time, a lot has changed in the world of privacy. For example, the Belgian Data Protection Authority has finally taken definite shape. This means that they’ve been fully active since the beginning of April 2019. As a result, fines for violating the privacy legislation in Belgium are also slowly coming into effect.
For example, in December 2019 an SME was fined 15,000 euros for not dealing correctly with cookies on their website.
Should we all be worried about fines then? Certainly not!
Four steps to take
It’s not complicated or expensive to take privacy into account within your organization. With a few adjustments you’ll come a long way.
Personal Data Inventory
This register is regarded by the supervisory authority as a compulsory basic document. It shows that your organization organizes the processing of personal data with due care. It contains an overview of all the processes by which you process personal data and the type of personal data you collect.
With GDPR, Europe wants companies to communicate more transparently about how and why they process data. How do you do that? By publishing a Privacy Notification on your website, in which you make it clear to your customers how and why you process their data.
Rights of the data subjects
GDPR guarantees some rights for your customers. It must be possible to exercise these rights simply and clearly – think about retrieving information, correcting errors, deleting data… With a number of easy-to-implement processes, you can meet this requirement.
Information security and data leaks
Your company must prevent data from falling into the hands of unreliable individuals. The strict security of data must therefore be a priority. What if a data leak occurs anyway? Then you must deal with it correctly and report it to the Data Protection Authority ‘without undue delay’ and not later than 72 hours after identification of the breach.
Of course you are not alone in this. There are several ways Toreon can assist you.