International Data Privacy Day 2023: Organisations brace for growing demand

International data privacy day this year was more than an annual corporate event to pass resolutions for better online security and protection. Organisations of all sizes now need serious investments in the domain with ever-growing online threats, increased regulations, and rising demand for professionals.

On January 28, 1981, the Council of Europe – the human rights organisation founded post World War II – signed the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data. January 28 was first observed as a European Data Protection Day in 2007. At present, the United States, Canada, Nigeria, Israel, and 47 European countries celebrate the event.

The meaning of data privacy and data security has evolved over the years parallel to the development of modern-day computing and the internet. However, experts say data security and data privacy are not the same, even as they are being used interchangeably.

“While data security is about protecting data from malicious threats, privacy is all about using that data responsibly. Data security uses technologies and concepts such as firewalls, user authentication, and access management, along with internal security practices to prevent unauthorized access to data. However, data privacy is more concerned with how an organization stores, processes, or transmits data, and whether these practices are compliant with privacy laws and regulations. We can say that data security focuses on policy enforcement to protect data, while privacy reflects on the responsible usage of data,” said Neelesh Kripalani, Chief Technology Officer of IT services and consulting company Clover Infotech.

The government in November 2022 released the draft Digital Personal Data Protection Bill for public consultation, making data privacy a more critical business priority for Indian companies.

Kriplani said “The data privacy landscape, India and abroad, was going through a tectonic shift. Earlier, the customer was largely unaware of the way their data was being stored and utilized. However, now they are digitally more connected, and are mindful of their ‘Rights to Privacy’. In this scenario, businesses need to evolve and start thinking of the ways they can build trust and loyalty in their customers.”

Preekshit Gupta, Vice President of the identity and risk orchestration platform Bureau.id said flaws in data privacy practices can cause fallout for organisations far greater than just legal consequences. 

“Data Privacy Day is a reminder that data privacy is a fundamental right, and companies must take all necessary steps to ensure the safety of customers' data. With the emergence and growing usage of new-age technologies like artificial intelligence and machine learning, organisations can use them to detect and prevent data breaches, identify fraudulent behaviour and protect user privacy. Machine learning algorithms can process large volumes of data to identify potential threats and protect user data,” Gupta said.

The increased compliance requirements have also made data privacy a growing career option. According to a recent report by data privacy and cybersecurity provider Tsaaro, over 41 per cent of respondents said a lack of competent resources was the biggest challenge in forming a privacy programme. It says both legal or compliance and technical privacy roles at enterprises were understaffed, and the issue has worsened since last year.

LinkedIn has a total of over 119,000 available listings for data privacy employment. Employment website Glassdoor has over 85,000 open data privacy positions, the report said.

Considering a growing need for skilled people in the area, the industry body Data Security Council of India (DSCI) has trained 1,300 professionals across the country. Vinayak Godse, the chief executive officer of DSCI said the Privacy profession has been undergoing a lot of flux as the demand for skilled Privacy professionals continues to rise at all levels.

“The role of a Data Protection Officer has assumed a lot of significance as organizations are mobilizing efforts towards strengthening their Privacy leadership positions. Businesses have been proactively re-evaluating their data strategies to create novel possibilities for servicing customers, creating opportunities as well as meeting the privacy expectations of consumers, and regulatory authorities. The Data Protection regulators are keenly focused on driving meaningful compliance and enforcement of the legislation,” Godse said.