The 3 Pillars of Data Protection
Data privacy and the extent to which we are aware of it deserves more attention. Curious about the business value of responsible handling of personal data?
Data protection and the extent to which we handle it in the business world deserves more attention. Some people protect their privacy to the maximum, while there is also a group (the largest) that does not hesitate to share via social media in minute detail what happens in their daily lives. However, data protection seems to be an increasingly important concept; privacy regulations such as the AVG have raised awareness of privacy, making people more careful with their personal information.
This trend is in full swing for businesses/organizations as well. Organizations that do not adapt to the increasing importance of privacy will eventually see the trust of customers and employees decline. But what does responsible handling of personal data entail? For us, there are 3 important pillars in this; control, transparency and security.
Check
People want control. Not only when it comes to products and services, but also about what data they share and how it is used. Especially now that data privacy has become such an important issue, it is essential to support the user in determining what data they do and do not want to share.
While organizations often provide multiple options for how personal data is used for marketing purposes, new regulations require just a little more precision. Consider additional choices such as excluding data sharing with third parties or advanced advertising practices (geolocation and behavioral indicators).
Transparency
People share personal data in a world where information is shared at a rapid pace. So it is not unreasonable for them to have questions about how this data is used.
Unfortunately, it is common for organizations to collect data, only to use it in ways that users have not consented to. And when the way in which this data is used does not match the original purpose of the data collection, a person's privacy may be violated.
This means it is necessary to maintain transparency around data collection, processing and sharing.
Security
In a world with increasingly high-profile Cyber attacks, Ransomware incidents and data breaches, Cybersecurity is more than ever become an important pillar for security and trust. After all, it makes sense for people to want to know that the security of their personal data is in order.
Cybersecurity begins with a sound security policy and periodically reviewing the current situation against it. Among other things, this allows organizations to comply with the requirement of the AVG stated in Article 32 on the need for "a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures to ensure the security of processing." One of the technical controls is through one or more pentest,(s).