Data Protection Day


About: 28 January 2022: 16th Data Protection Day

In 2006, the Committee of Ministers of the Council of Europe decided to launch a Data Protection Day. It is now celebrated globally and is called the Privacy Day outside Europe. It aims at raising awareness on the right to data protection. Data Protection Day marks the anniversary of the opening for signature of Convention 108, the global data protection Convention. Last year, we celebrated the 40th Anniversary of Convention 108. For over 40 years, Convention 108 has influenced and shaped the protection of privacy and of data protection in Europe and beyond. Its modernised version (known as Convention 108+) will continue to do so. The main goal of this day is to educate the public on data protection challenges, and inform the individuals about their rights and how to exercise them.


Jon Fielding, Managing Director, EMEA Apricorn comments: 

“Data Protection Day is aimed at educating the public about their rights – but it’s the responsibility of businesses and other organisations to uphold these rights, and protect the privacy of the personal data they create and handle.

There’s an ethical and social imperative to keep information on customers, service users and employees secure. There’s also a business imperative; failure to prevent data being lost, exposed or stolen can result in huge regulatory fines and reputational damage. Overall fines for breaching GDPR regulations were seven times higher in 2021 than the previous year.

Organisations should mark Data Protection Day by reviewing their cybersecurity strategy, policies and practices against the latest versions of the regulations they’re subject to. This should cover global and national legislation such as GDPR and NIST, as well as industry-specific regulations. These are regularly updated – for example, NIST is refreshing its cybersecurity framework this year, while a new version of the PCI DSS security standards for the payments industry is set to be released very soon.

Continued compliance requires a close grasp of requirements, alongside an understanding of the constantly evolving threat environment and the security challenges presented by a decentralised working environment.

Not all data breaches will be prevented, however, which is why it’s also vital to encrypt all personal data as standard, whether at rest or on the move, and at an endpoint and network level. This will render information unintelligible to anyone not authorised to access it – forming a last line of defence and keeping information protected and private.”