New year, new resolutions! What 2023 will bring us in terms of privacy may be hard to say, but we have compiled 4 GDPR New Year’s Resolutions with an emphasis on awareness, responsibility, and clarity that you personally and your organisation should keep in mind in the coming year.
Resolution 1: Treat online data like you treat your physical assets
Imagine that you had only one key for all your physical assets, i.e. your house, mailbox, car, and office. What might happen if you lost this key? Perhaps not that much. But now imagine that all your neighbours, shops you visit, and anyone else that you interact with has your key. Now apply this situation to your valuables in the digital space. Your key is your password, and we often use one password for many occasions – to make purchases, file tax returns, or handle municipal affairs. The key can potentially be leaked – not just by you – but by any of the parties involved. The consequences may be the same as in the real world.
This year, let’s try to treat our online data just like we would treat our physical assets. Having strong passwords without re-using them is therefore very important. Take conscious measures to protect your e-mailbox: start with using a password manager to generate and manage random passwords and set up (non-SMS) 2-factor authentication.
Resolution 2: Trade “questionable apps” for more privacy-friendly alternatives
Treating your data like you would treat your physical assets also means considering more privacy-focused alternatives to existing apps. As an individual, you may want to consider using Signal as your messaging app. It is a more privacy-oriented alternative to current popular apps and is recommended by many privacy and security experts.
However, as individuals, we often depend on the apps that are used by others, e.g. by our friends or our employer. Therefore, organisations can play an important role here: they should recommend and arrange more privacy-focused tools for their users and employees. Such tools process only information that is necessary for the functioning of the application and avoid gathering and monetising personal information.
All in all, let’s try to choose privacy-focused apps over their less privacy-focused counterparts and let’s continue to speak up about the importance of privacy-friendliness in apps (that sometimes prevails over ease of use), so that organisations hear our voice.
Resolution 3: Increased responsibility about handling data in organisations
Speaking of letting our voice be heard: organisations should think of privacy not just as a legal obligation but also as a way of demonstrating responsibility, taking ethical considerations into account. They should help customers to acquire knowledge about privacy and security in their services, because only then are customers able to make an informed decision on what services to use.
Organisations could, for example, publish aspects of their performed Data Protection Impact Assessment (DPIA) – such as how their interests are balanced against those of the data subjects involved – to create more awareness for their customers and users.
Resolution 4: Increased clarity regarding compensation caused by misuse of data
Headlines about fines against organisations – because they have violated a particular aspect of the GDPR – are becoming increasingly common. However, what we hear less about is the compensation that data subjects receive after being impacted by a data breach involving their data. The right to compensation is also a right that data subjects have under the GDPR.
The European Data Protection Board (EDPB) has written many guidelines on different topics in the GDPR. The EDPB should aim for more clarity about the possibilities of compensation for individuals. This would not only give individuals a better way to understand their rights but would also offer organisations a more detailed insight into the possible consequences of unlawful ways of processing personal data.
In conclusion, let us not throw out these key resolutions in the first weeks of 2023, as so often happens with our New Year’s resolutions. Instead, let’s commit to one final resolution: let’s keep paying attention to privacy, not only because it’s our job, but especially since it is important and concerns all of us.
At O’Dwyer Power we can work with you to review your current GDPR practices, give you advice on what is required to ensure your company is on the right track and work with you along the way to help you complete the necessary tasks. For more on our services go to https://odwyerpower.ie/compliance/