Data Protection Day

On 28 January each year, member states of the Council of Europe and EU institutions, agencies and bodies celebrate Data Protection Day, which marks the anniversary of the Council of Europe’s data protection convention, known as “Convention 108”.


On 28 January each year, member states of the Council of Europe and EU institutions, agencies and bodies celebrate Data Protection Day, which marks the anniversary of the Council of Europe’s data protection convention, known as Convention 108. This was the first binding international law concerning individuals’ rights to the protection of their personal data.

---

In view of the forthcoming reform in the privacy field with the full application of the General Data Protection Regulation as of May 2018, the European Commission published information on the rights for citizens in personal data protection and the rights that could help us to take back the control of your data.

The main topics addressed by the Commission are:

Personal data protection – How is my personal data protected?

Rights – What are my rights and what information should I receive?

Redress – What should I do if I think that my personal data protection rights haven’t been respected?

More information in here.

---

This year to mark the occasion, the trainees of the European Data Protection Supervisor (EDPS) held a lunchtime conference focusing on data protection and digital ethics in the realm of dating apps. The conference took place on 12 February 2018 between 12 noon and 2.30pm in the European Parliament and was open to trainees working at the European institutions.

---

EUROPOL also commemorated the Data Protection Day with a special address by the Executive Director Rob Wainwright.

This brings to mind a general reflection on how and why Europol has reached this point, across the almost nine years I have spent leading the European Law Enforcement Agency. And I would be lying if I would say that all of these thoughts on this subject were always positive.

Much of the discussion on GDPR in business has focused on the fines of up to 4% of the worldwide revenue or €20 million, whichever is higher, that can be levied for non-compliance.

Europol’s lessons in making the principles of robust data protection work effectively in the interests of data analytics and data security has been a highly positive one for our Agency, and a real eye-opener for me. Keep your data processing and storage clean, targeted and simple and gains are generated across the board. One of the key principles in this context is data protection by design, i.e. the due consideration of data protection requirements from the outset of any development regarding new processing operations.

Perhaps the biggest lesson in all this is that data protection should not be regarded as a burden. If the Executive Director of a transnational law enforcement agency can discover his passion for data protection, any CEO of a data driven private business enterprise can, too – it’s up to you to establish the data protection culture it takes in order to be successful in the digital age!” [excerpts from a blog post by Rob Wainwright, Executive Director of EUROPOL]

---

The national Data Protection Authority - Commission for Personal Data Protection (CPDP), also plans to celebrate the Data Protection Day with a solemn program in the administration’s building.

In view of the upcoming changes in 2018 and the planned celebrations, CPDP published guidelines on the practical implementation of the General Data Protection Regulation defining 10 mandatory steps to meet the new requirements:

1.Understanding the new data protection regulatory requirements

2. Internal analysis of the activities of data processing

3. Assessing whether there is an obligation to designate a Data Protection Officer

4. Risk management in relation to the protection of personal data

5. Adopting an action plan for the implementation of the required technical and organizational measures

6. Review of the legal bases for processing of personal data, including the cases based on the consent of the individuals

7. Informing data subjects and maintaining transparency of processing

8. Guaranteeing the rights of the data subjects

9. Notification in cases of data breaches

10. Documenting and applying the principle of accountability

You could find the whole document in here. (in Bulgarian only)