International Data Protection Day is marked on the 28th January each year on the anniversary of the Council of Europe Convention 108 for the protection of individuals with regard to automatic processing of personal data. The opening of this treaty took place in Strasbourg on the 28th January 1981 and, in a nutshell, was the first binding international instrument which protects individuals through the collection and processing of personal data and which seeks to regulate the transfrontier flow of personal data. Obviously!
Well that's quite a mouthful and may strike some as a little bit of an odd "day", but bear with me. We are in an age where we set aside days to celebrate the oddest of things; January alone is crammed with celebratory days including Festival of Sleep Day (which is on a Wednesday, so good luck calling that one in to work), Nothing Day (yep, that's also on a work day) and Squirrel Appreciation Day. That one is not on a work day, which is nuts. If you're not a big fan of squirrels, you can always hold out for February 1st which is Work Naked Day. And yes, that is indeed on a week day too.
Feel free to check my sources HERE.
So, in a month where you could be celebrating just about anything in your clothes or out of them, Data Protection Day doesn't sound so ridiculous after all. In fact, the purpose of this day, amongst other things, is to raise awareness and promote privacy and data protection best practices and offers opportunities for collaboration among governments, industry, academia, nonprofits, privacy professionals and educators. It is currently observed in the United States, Canada, India and 47 European countries, including the UK.
International Really, Really Awkward Fist-Bump Day anyone?
So, what can you do this coming Data Protection Day?
Well, aside from it landing on a Sunday in 2018 (in which case, you could just as easily do this on Monday 29th January) this is a whole working day to reflect on whether your organisation is in the right place with its processes and policies. First and foremost, I would seriously recommend ensuring that employers and employees alike are fully aware of the General Data Protection Regulation (GDPR) coming into effect on May 25th 2018. I mean, if you haven't done so already, this could be the perfect time to do it.
Want something to raise GDPR awareness right now that doesn't even cost you any money? Download this FREE INFOGRAPHIC and give it to everyone in your organisation so they are aware of the differences between the Data Protection Act and GDPR. You could even have the infographic printed on T-Shirts and give them out to all your staff - or just print it off and pin it to everone's desk walls (much more sensible option). Do you have someone who always puts their feet up on the desk? Stick it to the soles of their shoes! Just do whatever it takes to make sure you are raising awareness and reducing the risk of breaching the regulation.
In addition to the key changes outlined in that DPA-GDPR infographic, there are a number of additional obligations that both data controllers and data processors in the UK need to know, including accountability. Here, the GDPR will require all companies to demonstrate 'compliance by design'. That is, it is insisting that all companies ensure that they have adequate systems, contractual provisions, documented processing and staff training in place. So, between now and January 28th check out your formal staff training options for GDPR compliance. It's smart, it's affordable and it's absolutely necessary for any organisation working with personal data.
Last year, David Reed's shockingly good Data IQ blog post suggested some cracking ideas for how to actually make this day useful and to help join in with its purpose. I've included some of them in the handy list below.
Other things you could do on January 28th (or Monday 29th if you don't work on Sundays):
- Check your staff are onside and know exactly who has access to data and in what circumstances. This allows for controls and monitoring to be put in place; wrap training and a governance culture around that and you will be in a better place. If you don’t have that map of data users, "start drawing it today" is David Reed's advice.
- Check in with your customers. Your brand values may be about transparency, fairness and straight dealing, but is that how your customers experience it when being asked to provide their data? Encourage staff to be actively open and honest to customers about what they do with their private data.
- Check your business model and consider if you really need all of the data it is currently capturing. If you don’t know where the minimal data threshold is for what you do, this is a good opportunity to think about the options.
- Celebrate Work Naked Day a little early.
We'd love to hear your thoughts on International Data Protection Day. What will you be doing? Did you even know it existed? Do we dress up? If you have any good ideas for events and activities, or top tips to raise awareness and promote privacy and data protection best practices, let me know and I'd love to put them all together into a downloadable infographic.
Right, I don't know what the boss will think of this, but inspired by January's offerings I'm going outside to forge friendships with a squirrel or two...