International Data Privacy day
The use of technology is fast becoming an integral part of our lives and this means more applications are collecting our personal data now than ever. A lot of people however have no idea what type of data they are giving to these apps, why those data are collected or what purpose they are collected for. This is why every year, on the 28th of January, Data Privacy Day is celebrated to create awareness and emphasize the importance of data privacy for organizations around the world.
Role of Data Privacy Regulations
Collecting and sharing data is an essential part of conducting business and Organizations are usually entrusted with the task of ensuring data privacy of their customers, employees and third-party. To this effect, there are several Data Privacy Regulations e.g., ISO/IEC 27701, EU GDPR, NDPR and so many more that can help Organizations ensure Data Privacy. Staying compliant with these regulations does not just require that organizations implement a set of controls but also review and update them as the need arises.
There are several controls that organizations can implement depending on the nature of the business and the assets to be protected. Below are some ways that can help organizations ensure the Privacy of Data
- Third Party Relations – For Organizations that have third-party affiliations, it is important to ensure that the Third Party is also compliant with Data Privacy Regulations as any non-compliance on their part be costly to their partners too. A good example of this is the Ransomware attack by a Russian operator who claimed to have stolen blueprints of Apple’s latest MacBook designs from its Supplier (a third-party) in April 2021.
- Conduct Regular Audits – Conducting Audits help organizations to get an overview of their security posture, where they are and where they want to be, how they can better align their strategies with security objectives. Regular audits will guide them to adopt better controls that will meet their objectives
- Adopt a Privacy Framework – Organizations should adopt one of the available Data Privacy frameworks if they have to stay compliant with different Data Privacy regulations. The frameworks have been structured in a way that will ensure the confidentiality, integrity, availability of data and also identify potential security risks to the organization.
- Foster Trust – People are aware of the dangers of exposing their data hence there is an increased concern of how their data is being managed by organizations. More organizations should aim at being transparent about their processes and demonstrate how they prioritise Data Privacy. This will increase the level of trust and also give a competitive edge.
It is important to note that organizations in Nigeria are now more aware of the need to take data privacy and protection seriously due to the introduction of NDPR by NITDA and we hope to see more compliance practice as we move down into the year.
By Raliyah Adamu Manu