International Data Privacy Day might seem like an odd holiday, especially for businesses to observe. That’s what we thought about Earth Day, launched in 1970, and today companies around the world announce their public support every year. International Data Privacy Day marks the day – back in 1981 — that the Council of Europe recognized the importance of the right to privacy with a treaty. *
This Data Privacy Day, Jan. 28, finds Europe looking ahead to major new privacy rules in the form of General Data Protection Regulation (GDPR) to be enforced starting on May 25. And this has given us an opportunity to address privacy the way we have come to respect environmentalism. It’s everywhere, it’s everyone’s business, and it’s good business.
As I have worked to ready McAfee for GDPR, one thing I have learned is that it truly takes everyone to focus on the protection of data. I’ve been privileged to meet and work with hundreds of my McAfee colleagues to sort out what GDPR prepared means to us, from security architects, lab folks, the product teams, and great messaging people. It takes a city, not just a village, to get ready for GDPR.
This year, most data protection professionals will celebrate Data Privacy Day on Thursday, January 25th, just four months before the official enforcement date for GDPR. One of my favorite things to come out of the many conversations about GDPR is a new slogan: Great Data Protection Rocks. The slogan, compliments of our senior writer Jeff Elder, captures my thoughts perfectly — Great Data Protection is not just good digital hygiene and good technological maintenance. It’s an admirable, even cool, ideal, and it’s part of McAfee’s Culture of Security, described by chief executive Chris Young in December in New York. “Ten years ago, if I were to ask a CEO about cybersecurity, he might say, ‘Yeah, I’ve got some guy in IT that’s working on this.’ Now everybody cares and I think that’s going to make a big difference,” Chris told CNBC’s Jim Cramer.
He’s right: Security in general and data protection are not big, monolithic initiatives achieved with one initiative, but rather require the whole city to have a Culture of Security – and you don’t get that by writing checks, or by formulating one list of best practices. We won’t be washing our hands of data protection and putting a bow on top on Data Privacy Day, on May 25 when GDPR goes into effect, or ever. If that sounds ominous, you may be looking at it the wrong way.
My colleague Mo Cashman, Director Sales Engineering, Principle Engineer lays out the journey to real culture change: “First think of security strategy in terms of governance, people, processes and technology. Then consider the security outcomes you need to be GDPR-ready, and the relevant solutions.”
Great Data Protection means all of us being advocates for good practices. It means making sure you know where you are putting your data, and knowing what protections exist when you use cloud applications… It means saying no to an organization that wants to bypass privacy, security, or vendor practices and do a quick-and-dirty connection to your database or even your brand’s social media accounts. That’s not cool. It’s the equivalent of your company disposing of waste in environmentally harmful ways.
It’s also bad business because winging it every time you handle data is a waste of time and energy. Nailing down good practices that everyone can adhere to every time is economical in many ways. Making that effort a real and admirable value of your company is a beautiful thing.
I confess to being a bit of an International Privacy Day geek (my mother has it written on her calendar and calls and wishes me a happy day). I generally get a cake and try to touch base with far-flung data protection colleagues. But the early companies that embraced Earth Day look good now. If Great Data Protection Rocks seemed a little dorky in 2017, I’m good with that. We’ll keep your data safe until you come around.
* The treaty, the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data,anticipated the cross-border transfers of data that we take for granted now.
The information provided on this GDPR page is our informed interpretation of the EU General Data Protection Regulation, and is for information purposes only and it does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit promise or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.