Data Protection Day 2025: How organisations can achieve true data security

As we observe Data Protection Day 2025, it is time to reflect upon what data privacy truly means. With data breaches and cyber attacks continuing to rise, it is more important than ever to ensure that strong online safety and data protection practices are implemented.

The importance of data protection can sometimes be overlooked, with many forgetting just how much of a negative impact data breaches can have on people’s lives; the ICO reported that 69% of people who experienced a data breach said it caused significant distress, including loss of trust and even financial loss.

So what can be done to avoid this?

Proactive approach

Taking a proactive approach when it comes to data protection is key. As highlighted by Glenn Akester, Technology & Innovation Director – Networks & Security at Node4, “It is vital that organisations start taking a proactive approach to data security, rather than driving it forward solely on an incident-by-incident basis. In the long term, recovery proves to be significantly more expensive than the costs associated with protection and defence. Business leaders need to conduct risk impact assessments to help narrow the focus on protecting the assets and data that matter the most to their business.”

Akester goes on to say, “With that foundation in place, organisations, no matter their size, have the basis for building an effective data protection and security strategy that is fit for purpose and can grow in sophistication over time.”

Maintaining high standards and compliance

Data protection is not just a one-off fix; organisations must maintain their protection standards at all times. Bruce Kornfeld, Chief Product Officer at StorMagic, recognises this, noting that “Data Protection Day serves as an important reminder for organisations of all sizes to maintain their data protection standards year-round.

“CIOs must institute a comprehensive security framework that addresses as many vulnerabilities as possible while staying within budget,” he adds. “Businesses need to put in place strong data encryption policies so that if any bad actors make it through the security protections, the data they retrieve will still be unusable – and customer privacy will be maintained.”

Ensuring compliance with data protection regulations is also important for businesses, with Paolo Platter, CTO and Co-founder at Agile Lab, emphasising that “you can’t protect your data if you don’t know how much you have or where it is. Regulations such as GDPR and NIS2 put added pressure on businesses to have full visibility, as failing to adhere to these directives means that not only are companies at risk of data breaches, but they also risk data misuse.”

He continues, “Automating key data management operations, such as data contracts, can play a vital role in governing and monitoring data processes, providing IT and security teams with greater oversight of the data and a better ability to protect it.”

Data resilience and recovery

In today’s ever-evolving threat landscape, organisations must prioritise rapid recovery and minimising downtime to bolster their cyber resilience. Darren Thomson, Field CTO EMEAI at Commvault, explains that “businesses must embrace the concept of a minimum viable company – the ability to maintain essential operations and services even in the aftermath of a cyberattack. Traditional reliance on backups is no longer enough, as cybercriminals have adapted, embedding malware into backups or using sleeper ransomware that activates after restoration.”

“Having a minimum viable company requires the ability to restore critical systems in a secure, malware-free environment, which is possible today thanks to virtual cleanrooms in the cloud,” says Thomson. “These environments can be adapted as needed, allowing for regular testing at a minimal cost and ensuring rapid, reliable recovery when it matters most.”

Today’s IT environments are just as complex to manage as the threats posed to them, which makes protection fundamental. “Data storage is just as susceptible to cyber threats as the rest of the IT environment – unless you make a protected copy of your valuable data that is accessible only to authorised personnel,” says the LTO Marketing Team.

They believe that “organisations should prioritise data resilience by maintaining one copy of their critical data stored offline and offsite. Being offline, with an air gap, prevents a daisy-chain effect wherein a threat bypasses cybersecurity defences to jump across from one system to another; being physically off site ensures that no one can cause damage to the storage units themselves.”

Integration of AI

As is the case with most aspects of technology today, AI is having a significant impact on data protection. Martin Davies, Audit Alliance Manager at Drata, spotlights this: “It is essential to implement ‘privacy by design’ into AI systems by default rather than bolting on privacy in retrospect. This not only ensures compliance with data privacy regulations but also builds trust with users and creates safer, more secure digital systems.”

Davies adds, “As more regulatory frameworks are created around AI, over time organisations will face increasing pressures to develop more secure systems with the appropriate risks in mind. Organisations that get ahead of this now will be best positioned to compete in an ecosystem that protects consumers while also allowing AI to continue to grow.”

There is a lot that organisations can, and should, do to achieve enhanced data protection. By acting on these insights and utilising both old and new techniques and technologies, organisations can ensure the safety and resilience of their data.
