Written by Mick Bradley, VP EMEA at Arcserve
When the Council of Europe signed the convention for the Protection of Individuals with regards to Automatic Processing of Personal Data (or Convention 108) on 1981, the digital age was very much in its infancy and data was only generating in trickles. But thankfully, there were some visionaries that foresaw the potential issues and put laws in place to protect the general public.
Not many people would have been too concerned about data protection and good data privacy practices in 1981 but these issues are high on the agenda for both consumers and organisations today. This is despite the advent of new regulations, such as The Global Data Protection Regulation (GDPR), as well as significant investment in cyber security and IT infrastructures. Rarely does a week go by without news of mishandling data in the headlines.
A wake-up call to everyone
When we hear about bad data practices, it is easy to think this is only an issue for big multi-national companies but that couldn’t be further from the truth. A mid-sized business might not get the same amount of negative press for mishandling data compared to Google or Facebook, but bad data handling can still have a negative impact. Particularly as people are becoming hypersensitive about how their data is used and stored, which can likely lead to receiving negative public reviews and ratings.
As such, good data protection and data privacy practices are not just for the IT team. They are an issue with far reaching consequences for the wider business – including the sales, marketing and business development teams.
There is also the issue of the fines that come with inadequate data practices. For GDPR, a fine of €20 million or 4% of annual turnover comes with non-compliance. This would surely be a significant amount of money for any organisation, large or small, to pay.
Businesses must invest in the right solutions
It is vital that companies invest in solutions that prioritise compliance so that they can conduct their business with full confidence. Organisations need to consciously take stock of the data they hold which counts as PII (Personally Identifiable Information) and clearly define what they need to protect it.
Data managers need to take on this responsibility to ensure “personal information” is clearly defined and captured, and that the processes for keeping it protected are documented. Of course, there are obvious pieces of personal information like email addresses, names, telephone numbers, and location information. But it’s important not to overlook other forms of personal data like IP addresses, for example.
It’s no exaggeration to say that data privacy is one of the biggest issues for businesses and consumers today. We live in an era where the consequences of doing it the wrong way could be quite significant. Organisations need to keep data protection front of mind if they want to set themselves up for success today and in the future.