Image

Monday, 28 January is the internationally recognised day for Data Protection.

Privacy and data protection consultancy firm priviness, which positions itself as ‘human rights champions’, is calling for companies to be aware of both the moral and economic dangers of personal data breaches.

This week, Google were fined €50m for a personal data breach.  The company were found, by French data protection authority CNIL, to have been processing personal data without informing its customers or collecting the appropriate consent.

Founder of priviness, Sandy Gilchrist, explained: “In my mind, this is a landmark case.  CNIL responded as if Google had infringed human rights, which was a wholly appropriate response.  People tend to associate a ‘personal data breach’ with issues such as hacking or leaks.  But if you don’t know what’s happening to your personal data your fundamental rights and freedoms are being impacted.  That’s why Google got fined.”

Mr Gilchrist reports that the vast majority of companies are not adequately protecting personal data.  He champions protecting human rights but also points out the economic implications.  Companies in breach of compromising personal data risk a fine of 4% of annual global turnover or £20 million.  

He said: “Given Google’s annual global turnover of $110bn, they got off fairly lightly for such an infringement of human rights and lack of transparency.  However, morally and in terms of customer trust they’ll have lost out considerably.

“People are fed up of big companies letting them down in relation to their data.  We see priviness as advocates of human rights.  We want to defend individual’s rights by educating the business world on their privacy and data protection obligations.  We want companies to be transparent and not to lose the moral high ground.”

Data Protection Day was started in 2006 by the Council of Europe as a response to the increasing use and processing of individual’s personal data.  On January 28 the Council held its first data protection convention, known as “Convention 108” and was opened to signature.  Data Protection Day is now celebrated globally and is called Privacy Day outside Europe*.

Mr Gilchrist founded priviness to provide guidance to businesses regarding their privacy and data protection obligations.  The company offers training, drafting of policy and process documentation, audits, and implementation services.  Organisations not based in the EU can also instruct priviness as their representative in the EU – it is a GDPR requirement to have a representative in the EU if organisations outside the EU are selling to individuals in the EU.