Is personal data protection still topical?

2021-01-28

Andrea Garajová, Quality and Internal Processes Manager, ANASOFT


January 28th is Data Protection Day. It is the day we remember the importance of protecting the most valuable thing we have, our data.

Personal data protection is still topical, especially in relation to its implementation in the processes of companies and organizations. The year 2020 showed us that even after the enormous media “boom” surrounding the arrival of GDPR regulations a few years ago, we cannot relax in the protection of data. In particular, we need to deal with it on a technical level.   

  • The security incident regarding insufficient data protection of more than 100 thousand patients tested for Covid in the State application, e-zdravie;
  • Insufficient data encryption and data breach of the Ministry of Home Affairs of Australia of 774 thousand migrants and those aspiring to migrate to Australia, which the ministry itself was unaware of;
  • The ransomware attack on Jack Daniels resulting in the theft of 1TB of sensitive company data on employees, contractual agreements, financial statements and internal communications;
  • The leak of login information of approximately 380 thousand Spotify users. This data was afterwards used to create an unencrypted, freely accessible database on the internet;
  • The 120 million dollar fine imposed on Amazon and the 42 million dollar fine imposed on Google by the French CNIL for the violation of local regulations related to the placement of cookies without the consent of visitors to their French domains;
  • An attack on the infrastructure of FireEye, a cybersecurity company, which resulted in the theft of penetration tools for testing the security of the company’s clients;
  • An attack on the platform of SolarWinds, used for the security monitoring of the infrastructures of organizations, including servers, workstations, mobile devices and IoT devices. U.S. federal agencies, such as the Treasury Department and the National Telecommunications and Information Administration, have also been victims of malware attacks.

How to protect your data

Everyone should protect their data as much as possible, and everyone should at least be aware of:

  • Who they give their data to – Do I know the company to which I want to offer my data? Do I know its reputation? Is the information published by this company sufficiently clear, transparent, and understandable? Do I know what its privacy policy and the general terms and conditions include, do I know what I am committing to?
  • The range of the offer – Do I know the type and extent of the data I am providing? Are all of the data requested by the company necessary to achieve my goal?
  • How long they will offer them – Am I sure that my data will not be processed indefinitely?
  • The guarantee that the company or organization offers – Do I know about the security measures implemented by the company? Am I informed about the third parties to whom my data is provided? Is my data transferred outside the EEA?
  • My rights – Am I aware that I have the right to be sufficiently informed about the processing of my personal data, to object to processing, to request the deletion, editing, transfer or copying of my personal information, or access to my personal information?

It is equally important to think about granting consent to the processing of personal data on various websites (where there are oftentimes forced consents for sending information such as marketing information) or during the installation of various apps, be it on a tablet, smartphone, or computer. Many of these applications do not require access to lists of phone numbers or images for them to run properly, but nevertheless they are requested.  

Data protection and cyber security

These days, no company or organization can state that the security and protection of data (be it personal or company sensitive data) is not a problem.

Attackers aim at companies and organizations of all sizes, working in various areas. Even the largest companies in the IT sector are not exempt from attacks.  

We have seen violations of rules regarding personal data protection by giants such as Google or Facebook.

We have also seen leaks of personal and other sensitive information. This trend is rising, thanks in part to the fact that many companies or organizations underestimate the importance of data protection.

According to the statistics available on CSIRT, the most common types of cyberattacks in 2020 were precisely the ones aimed at the unlawful acquisition of information (phishing, social engineering), intrusion attempts, vulnerabilities and others.

According to the newest 2021 report by the World Economic Forum, which deals with global risks, the shortcomings of cybersecurity regulations are among the greatest probable threats for the upcoming 10 years. Aside from infectious diseases, the failure of IT infrastructure is included among risks with the gravest outcomes for the next decade. This points to the reality that cybersecurity measures of companies, governments and households will become outdated and/or obsolete in the upcoming years due to the gradual growth in the number and sophistication of cyberattacks.

8 questions to ask for data security and protection  

For a long time now it has not been enough to have our terminal equipment protected by antivirus programs or to use a firewall to secure the network perimeter. Data security and protection is a complex topic, and this is why it is good to ask the following questions:

1. Do you know which are the most critical places of protection of sensitive data?

2. Have you implemented effective security measures which do not only remain on paper? (for example, data protection with encryption support and pseudonymization)

3. Do you have a real overview of the handling of sensitive information? (for example, through the monitoring of important security incidents or DLP)

4. Is the protection of your confidential information targeted at the most vulnerable point in its life cycle? (for example, database security)

5. Do you know the extent to which your information systems are immune to cyberattack threats?

6. Do you feel that the firewall is sufficient for the protection of your infrastructure?

7. Do you know how to proactively avoid incidents related to data leaks and personal data protection?

8. Do you know which protective technologies and detection tools are worth investing in?
