As our society becomes more digital, data protection is becoming more and more important.
Most people are aware that companies store a large amount of our personal data. Most of it is information we voluntarily share to access services. But few of us have a clear view of just who has access to our data today.
January 28 is Data Protection Day. The anniversary is part of a broader campaign to make citizens more aware of how their personal information is handled, and what we can do to protect and safeguard it.
At Safe Online, we have examined that question extensively. Our research shows that 300+ companies may have access to your personal data -but we recommend only about 60 companies should have that access. For this Data Protection Day, we’ll give you some tips on how to get an overview of where your data is and then decide who should keep it -and who should delete it, before it falls into the wrong hands.
What is Data Protection Day all about?
Data Protection Day falls on January 28 every year. The day was originally created by the Council of Europe in 2006. Abroad, it is called Data Protection Day or Data Privacy Day. The 28th of January was chosen because the European legislation on electronic data processing of personal data (also called the “108 Convention”) was drafted on that date.
Its purpose is to increase awareness of how your personal sensitive information is stored and handled, and what you can do to protect your data yourself.
But Data Protection Day is not just for individuals. European companies and organizations have been becoming more aware of the importance of protecting personal sensitive information; and additional legislation, such as the GDPR Regulation, have strengthened that awareness.
Why is data protection important?
Knowing how your data is processed is essential to protecting your privacy. It is also important to know how to ask companies about information they have collected about you.
When you share your data with companies and organizations, it’s usually for two reasons:
- Because it makes your everyday life easier. For example, when you allow an online shop to remember your address, or when Facebook shows you your friends’ birthdays so you can easily remember to send your regards.
- Because the company needs your data to provide a service to you. For example, when you need to change insurance companies and want to allow a new company access to your information, or when you need to enter your CPR number at the doctor’s office.
Indeed, some companies must store extremely personal and sensitive information about you to provide services. That is why data protection is so important.
Among other things, a company MUST obtain a consent from you before collecting your data at all. Then, they must keep a log of each member of their organization as they access your information. These procedures are in place to protect you, and so you know your data is in safe hands. In the end, it’s all about protecting your privacy and your data.
Sebastian Allerelli, Founder and COO of Safe Online, believes that precisely because more and more people are aware of the digital footprints they leave behind, data protection becomes essential for privacy:
“Data protection is a fundamental right. Not only in Danish law but now it’s been cemented in the rest of the world with the GDPR. All of us want privacy, no matter wherever we live and work.
We live in a time where 50% of our lives are spent online. Unfortunately, the truth is that most companies already define us using tags and algorithms before we meet. We need to be able to switch that off every now and then, when we choose to. We have the rights to choose privacy.”
Do you have an overview of who has your data, and where?
Few people can answer that question with any certainty. Even the most careful among us are probably unsure of exactly what data each company holds and how they handle it.
What can you do to protect your data, yourself?
Today, it is illegal for companies to ask for unencrypted, personal, sensitive information. And while for many it is common sense not to just write your CPR or card number in a chat message to the municipality when it’s requested, you are the one who ultimately decides how to send your information.
Be aware of how you share and process your own data.
Most reputable companies prefer to receive your data through a secure connection , that is, an encrypted connection that ensures that no one outside the company can access your personal data.
Pay attention to the way you are asked to share you information. For example, being asked to include personal information in a regular email message is not ideal, as that information will not be secure. Sharing in this casual way also makes it more difficult for a company or organization to manage that data properly themselves, and makes it unlikely they can find and delete it when storage is no longer necessary.
Make use of the right to be forgotten. You can contact a company and ask them to delete your data. Companies are required to reply to your request within a month, or provide a good reason for the exception if they cannot deliver it within that deadline.
It is not always easy to see who has your data.
For example, you may uninstall an app, but that doesn’t mean the company will erase your information, because it’s unlikely they’ll know that’s what you want them to. And can you remember all the companies you’ve given consent to access your data and the ones you’ve asked to delete it?
Connectid Personal gives you a quick overview of who is accessing your data. Then, you can use it to ask companies directly to delete or transfer your personal data to another company, or to you. It makes it easy to gain insight into just what sort of personal data companies have about you.
Data protection for companies should be easy to use
Plenty of errors occur in the meeting between humans and machines, and this rule also applies to data protection. The vast majority of security breaches take place because an employee happens to press a wrong button, doesn’t understand the importance of a security procedures, forgets the steps in the procedure or simply considers completing the task properly too cumbersome.
So the most important thing you as a company can do is to make sure that the solutions you choose for data storage are reliable and easy to use. At Safe Online, we have developed several solutions for this purpose, including Connectid Business (a platform for properly handling data requests) and Connectid Mail (a secure email data sharing solution). They both help you secure data, verify users, log activity and more, making it easy to manage personal and sensitive data in compliance with the GDPR.
The Danish Data Protection Agency is also celebrating Data Protection Day!