What is Data Privacy and Protection? Why Is It Important?
In a time when many aspects of one’s professional and personal life are becoming digital, Data Privacy and Protection are two interrelated governance issues. While Data Privacy is a branch of data security concerned with the proper handling of data – consent, notice, and regulatory obligations, Data Protection is a legal mechanism that ensures privacy. The rising importance of Data Privacy can be assessed on the basis of the July 2015 appointment of the first UN Special Rapporteur on the Rights to Privacy in the Digital Age. It also recognizes the need to address data privacy rights and protection issues at the global as well as national levels.
On the global level, the legal instrument for the protection of privacy is the International Covenant on Civil and Political Rights. Similarly, in Europe, the main instrument on privacy and data protection is the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, of 1981. And despite being a regional body, it is open for accession by non - European states as well. We get another important legislative framework for the processing of personal data from the EU Data Protection Directive (Directive 95/46/EC). This regulation ensures effective data protection in the current technological environment. Today, nearly all countries have enacted data privacy laws and empowered authorities to enforce those laws.
Organizations commonly believe that keeping sensitive data secure from hackers means they’re automatically compliant with data privacy regulations. This is not the case. Data Security and Data Privacy are often used interchangeably. And Data Protection is the Force Behind Our Right to Privacy.
However, despite recent developments in data privacy legislation and practices, consumer’s privacy is often invaded by companies and governments. And while you can have data protection without data privacy, you cannot have data privacy without data protection.
How to Ensure Data Privacy and Protection?
The first step to ensure data privacy and protection is to establish a transparent data protection policy. Additionally, the company should also be aware of and follow the standards established by the global regulatory bodies with regard to Data Privacy and Protection. For instance, the General Data Protection Regulation (GDPR), enacted in May of 2018, aims to protect EU citizens’ personal data. It is already displaying major effects on companies in Europe. A company has to undertake many tasks to achieve and maintain compliance with the GDPR. These range from transparent consent from consumers to the right to request data from companies to the right to delete the customers’ data, among others. It places security obligations on companies holding customers’ data.
The second step requires training of employees in handling data. The employees need to understand and strictly follow the processes and procedures necessary for proper collection, sharing, and use of data. It is imperative that a company regularly trains its employees in this regard. Personnel training plays a very important role in data privacy and protection within a company. A company should bring in place a Data Security Platform (DSP). It is a category of security products that replaces traditionally disparate security tools. They integrate data protection capabilities, which include data discovery, access, governance, etc. with security technologies.
Forrester's Data Security and Control Framework
Source: October 2017 Forrester report, The Future Of Data Security And Privacy: Growth and Competitive Differentiation
The third step to Data Protection is of course the protection of physical infrastructure, ensuring that all physical access is defended with top-notch security such as biometric access control for the offices, 24x7 CCTV surveillance, and data encrypted secure server rooms. The businesses should make sure that each endpoint device is secured with antivirus software to prevent any kind of corruption of data. Data Loss Prevention (DLP) should be implemented to prevent anyone from copying or taking client information through USB ports. In addition, there should be regular audits to ensure compliance, and prevent any kind of breach.
Why is Data Privacy Important?
There are two drivers for why data privacy is one of the most significant issues in our industry.
First, In the given rising data economy, data is one of the most important assets a company has. There is an enormous value attached to collecting, sharing and usage of data. This implies that in order to build trust and accountability among all the stakeholders, customers, and partners alike, it is important to see how businesses maintain transparency in requesting consent and abiding by their privacy policies.
Second, privacy is the right of an individual to be free from uninvited surveillance. To safely exist in one’s space and freely express one’s opinions behind closed doors is critical to living in a democratic society. And it is important to save this right. Thus, we need data privacy and protection.
 - https://gdpr-info.eu/