Another awareness day comes, but do individuals or businesses take the most from it?
Today marks the 18th Data Privacy Day, a recognised awareness day where “governments, parliaments, national data protection bodies and other actors carry out activities to raise awareness about the rights to personal data protection and privacy.”
That is according to the Council of Europe, which uses the day to mark the date when Convention 108 was opened for signature in 1981. Specifically, Convention 108 is “the first binding international instrument which protects the individual against abuses which may accompany the collection and processing of personal data and which seeks to regulate at the same time the transfrontier flow of personal data.”
From a business perspective, Data Privacy Day falls as part of a week now known as Data Privacy Week. Sam Peters, chief product officer at ISMS.online, said: “Data Privacy Week highlights an important issue: Organisations and individuals alike face increasing risks from data breaches, misuse and regulatory non-compliance.
“With so much data shared online, data privacy must be at the core of every interaction – and both businesses and consumers can take important steps to take control of their data.”
Taking It More Seriously?
With the enforcement periods for both NIS2 and DORA having arrived in the past few months, are we now at a point where we are taking data protection more seriously, and was there a point where we were not doing so?
Brian Honan, CEO of BH Consulting, says what we are seeing now is “an evolution in the cybersecurity regulatory landscape”. Until the introduction of GDPR in 2018, he says, many companies paid lip service to upholding individuals’ data protection rights, as there were no significant penalties or enforcement mechanisms.
“However, once GDPR came into effect, supervisory authorities were granted the power to impose substantial penalties, prompting organisations to improve their data protection frameworks and related security practices,” he says.
Stew Parkin, global CTO of Assured Data Protection, says that the gap between regulation and real-world practices remains significant in 2025, as whilst organisations have improved compliance, “the challenges of enforcement and the increasing complexity of global digital ecosystems mean individuals often still trade significant amounts of personal data for convenience or free services.”
Give it Away
This is a major consideration for Data Privacy Day: are we actually making any effort to protect our data? Or are we willingly giving it away and then complaining when we’re caught up in data breaches?
Honan says that sharing data carries risks, as many systems are designed to collect as much data as possible for monetisation, and some of these services may operate outside the UK or EU, falling outside the scope of these regulations.
“While technology brings many advantages, it is essential to remember that the cost of using a service or purchasing an item is not only the money you pay but also the personal data you provide as part of the transaction. Just like handling cash, we must remain cautious about sharing too much and losing control of our personal information.”
Parkin says he believes that many businesses are now revisiting how they collect, process, and store data, and investing in technologies that enhance security and privacy by design. “Despite this, there is still a significant gap between recognising these issues and implementing meaningful, actionable solutions,” he says.
“Ultimately, we’re seeing better practices emerge, but as a society, there’s still a long way to go to ensure that people are fully informed and empowered about how their data is used. Organisations, regulators, and individuals must continue to work together to strike a better balance between convenience and privacy in our increasingly digitised world.”
Devastating Impact
One of the most interesting blogs that I’ve read in recent months was by the Information Commissioner John Edwards, who talked about the “devastating impact of data breaches”, in particular when they relate to health and medical conditions.
“To many organisations, a data breach might seem like a temporary setback - something that can be patched up with technical fixes and compliance reviews. But from the perspective of individuals - especially those in vulnerable situations - a breach can have a far-reaching ripple effect that disrupts their lives in ways that some may not fully appreciate.”
That is where we are with data breaches in 2025: those caught up in a data breach are too easily seen as statistics, when in fact having their details disclosed could massively impact their lives.
Peters said that many organisations “talk about privacy but fail to act on it” and that data privacy policies are meaningless if they are not backed by robust systems that ensure accountability at every level.
Also, Parkin said he is encouraged to see organisations “being forced to think more deeply about data protection.” This is because of stronger regulatory requirements, rising customer expectations, and the realisation that trust is now a key competitive advantage.
As we are halfway through this decade, and some 34 years on from the opening of Convention 108, are we better at security now than we were in the past? It could be argued that the number of data breaches is enabled by the amount of data held by companies, combined with attackers’ efforts to release that data and businesses’ inability to secure it.
Alternatively, maybe it is just because data is not being held securely and with adequate protection, and that is why we need regulations to keep businesses in check. As it is Data Privacy Day, it is a chance to ensure individuals know that businesses are doing their best to secure their personal data, and that those organisations are reminded of their duty to protect.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.