Have you ever had an encounter with a person, who confronts you with a blunt observation: “Hey, you look familiar. I know you from somewhere, where have we met?” It might feel strange, if you don’t recognize the person asking.
How much do you value your privacy?
Encounters like the one described above might be a part of everyday life to public figures, such as movie stars or other celebrities. But if you are working in a non-public-profession and live a private life, it could feel just a bit invasive to be recognized by a person that is not familiar to you. What else might they know about you in addition to recognizing your face? Think for instance if that person knew your education, your profession, who you communicate with, what your interests are and how you spend your free time. How about if he or she also knew your marital status, your and your family’s exact real-time location, or even personal health data?
Still, this is exactly what some companies might know about you, or at least what they might want to.
As technology has brought us smartphones, internet, and social media platforms, we are being offered an increasing extent of attractive trade-offs for privacy. By sharing some of our personal information, we can get our hands on interesting offers, online services, or mobile apps. These trade-offs should be handled with caution.
Indifference in sharing personal information could manifest itself in harmless encounters, such as the one described above. But it could also lead into more detrimental situations, such as identity thefts, unauthorized access to your bank account, or other commitments made in your name. Companies that may have data on you from multiple sources could combine it in order to make the data more relevant and more detailed.
Legislation has been passed vigorously over the past decade to tackle these challenges and to give back individual control of personal data and to require companies and public entities to enforce data security. Still, legislation usually drags behind the evolving technology, and therefore, consumers should always use their own consideration for protecting their identity and data wherever their personal information is requested.
How are you legally protected?
Did you know that the right to privacy is a human right? The first legally binding international instrument on data protection, Convention 108, was introduced back in 1981 on this very date 28th January by the Council of Europe. This date later in 2007 became known as the international Data Protection Day, Data Privacy Day or Tietosuojapäivä (in Finnish).
Did you know that the right to privacy is a human right?
The more specific rights for individuals, and requirements for companies in the EU are today profoundly implemented in the General Data Protection Regulation, the GDPR. Framework that the EU has laid out has shown flexibility and market inclusiveness still underpinning the individuals’ right to protection of their data in the digital sphere.
It is estimated that by this year, half our planet’s population will have its personal information covered under local privacy regulations in line with the GDPR. We can in fact state that the GDPR started a new era of data privacy. Privacy legislation motivated by the GDPR have been recently adopted in California, USA (2020), Brasilia (2020) and in China (November 2021). Simultaneously, EU data protection authorities have issued record-high numbers of fines in 2021, which totalled to over 1 billion euros (seven times more than in 2020) and were addressed from small to conglomerate companies all around the EU.
In addition to the attention-grabbing fines, also data breach notifications are on the rise. Businesses can expect to face scrutiny around data transfer compliance in the context of audits, due diligence, procurement processes, and other compliance verification exercises throughout 2022.
So, what should you consider, when engaging in the online world?
The GDPR has laid out a framework where companies are required to observe the individual’s right to privacy depending on the legal grounds and purposes for which the personal data is being collected or used for. In many cases, background processes where personal data is involved, are often invisible to us, but the companies engaged in the processing are expected by law to meet certain requirements and take certain steps to protect your data by design and by default.
GDPR also requires that individuals are informed of the processing of their data in a transparent manner and that individuals are enabled to take control of their data. For instance, GDPR provides eight rights for individuals to exercise ranging from a right to access personal data concerning them to the right to have that data under certain conditions to be erased.
In addition to resorting to legal rights, each of us can consider the following rules of thumb, when engaging in the online world:
- Personal data is like money – value it and protect it; minimize sharing your personal data when there is no obvious requirement or benefit involved for you.
- What you post lasts a lifetime – think about who will see what you post, and how it will be received now and in the future.
- Own your online presence – set the privacy and security settings to a comfortable level for information sharing.
- Be aware of what is being shared – do not post e.g. a picture or a video online, which reveals information about others without their permission.
- Think before you act – sometimes you might be approached with a good-sounding offer. Be aware, it could be a plot to unlawfully acquire your personal details for wrongdoing.
- Pay attention to data security – Protect your private online presence by using secure technologies such as secure browsers and turning on a two-step or multifactor authentication whenever offered.
How is privacy and data protection taken into account at Solteq?
Solteq is a European corporation, and thus applies the General Data Protection Regulation (GDPR) across all its branches and business-units to the full extent. In addition, Solteq is committed to abiding by the rigorous customer requirements in the fields of data protection, data security and company responsibility.
Solteq is a trusted partner and provider of top tier services and products to its customers – both nationally and globally. To achieve and maintain this trust, Solteq strives to design and implement the services and products so that personal data stays protected and confidential. Whenever new or existing technologies or services are implemented for Solteq’s customers, the privacy aspects are considered.
To mention a few examples on organizational commitments that are undertaken at Solteq:
- A company-level Information Security Management System covering e.g. data protection, risk management, and data security aspects across company business branches;
- Dedicated privacy resources including Data Protection Officer, Chief Information Security Officer, IT Director and Data Security Team to address security incidents and to proactively develop company-level data protection culture;
- ISO27001 data security certification and audits concerning group-level IT services;
- Management involvement through low threshold and recurring meetings between top management and members of the Data Security Team;
- Regular training of Solteq’s personnel by using a dedicated training platform with concrete examples and up to date content;
- Public reporting of Solteq’s actions concerning guidelines, monitoring and risk management of corporate responsibility, including data protection and information security, available on Investors page;
- Public privacy and cookie policies, available at the bottom of the page.
As we see it at Solteq, by offering solutions where privacy controls are in place, data is secure and the processing of personal data is transparent to individuals, we do not only enable our customers to enjoy services and products that are in line with the legal requirements in the field of data protection, but also enable consumers and individuals to take control of their data and private sphere.
With these words, I wish you a great Data Protection Day on January 28, 2022!