The importance of Data Protection Day - Comments from Zscaler
January 2019 by Rainer Rehm, EMEA Data Privacy Officer at Zscaler
Today, 28th January, marks the annual Data Protection Day, created by the Council of Europe in 2006. On this date, governments, parliaments, national data protection bodies and other actors carry out activities to raise awareness about the rights to personal data protection and privacy. Rainer Rehm, EMEA Data Privacy Officer at Zscaler has commented on why this day is becoming more and more important.
“In today’s digitally transforming world, keeping data protected has become increasingly difficult. Between a lack of awareness, unintended user actions, system glitches, and increasingly sophisticated cyber adversaries, preventing data loss is no mean feat.
“With increasing risks and expanding regulations for data protection, organisations must focus on closing security gaps that have emerged in the era of cloud and mobility, as we mark this year’s Data Protection Day. Indeed, as applications move to the cloud, users are accessing them directly everywhere they connect, which creates blind spots as users bypass security controls while off-network.
“In the era of GDPR the stakes have never been higher for those that fail to ringfence their organisation’s most sensitive assets. Indeed, towards the end of last year, we saw incidents on an unprecedented scale, involving the Marriott hotel Group and multiple airlines including British Airways. And more recently, Google has been fined £44m for a breach of the EU’s data protection rules. Those organisations that are fully GDPR-compliant are still a minority, almost a year since the regulation took effect, despite the fact that data privacy regulators have sharper teeth than ever before.
“With hacks becoming more sophisticated, and companies failing to adequately protect their customers’ data, the core values of Data Protection Day are becoming more important than ever. While the date provides a good reminder for us all of the currency of data today and the serious consequences of failing to secure it, it is vital for organisations to implement processes that are appropriate for today’s increasingly digital corporate network. For instance, minimising the risks of users bypassing security controls when connecting direct-to-cloud, and by eliminating blind spots by inspecting all SSL traffic, which typically conceals sensitive data. Ultimately, without visibility and control, organisations are at an increased risk of data loss, either due to unintentional or malicious reasons.”