International Data Privacy Week 2025: Taking control of your data 

This year’s theme 'take control of your data', encourages us to take a proactive approach in managing our own personal information, rather than passively allowing it to be collected, shared, or exploited. In previous years, many people were unaware of how much control they had over their data. 

However, with the rise of data privacy laws, secure technologies, and privacy-enhancing tools, individuals now have the power to make informed decisions about how their information is collected, shared, and used.

Did you know that in 2024, UK businesses faced 7.78 million cyberattacks. Additionally, over 400,000 cases of computer misuse were reported, with the average cost of a cyberattack to a UK business reaching £3,230.

How oto start taking control of data within your business - ICO’s top tips: 

1. Make a list - Write down the types of personal information you collect or plan to collect. You need to be able to account for all of it.

2. Ask why you need the information - Only collect the data you actually need. Always use data in ways people expect, and ensure you have a valid reason for collecting it.

3. Think security - Protect the data you hold. Use stronger security for sensitive or higher risk information.

4. Be transparent - Inform people why you need their data, who you’ll share it with, and how long you’ll keep it. A privacy notice can help with this, and make sure to update it regularly.

5. Data rights requests - People can request to delete or correct their data or ask for a copy, as it’s a legal right to know what personal information you hold about them. Set up a process to handle these requests efficiently.

6. Have a data breach plan - If data is lost, altered, or accessed inappropriately, it's a breach. Have an action plan ready and report the breach within 72 hours if needed.

7. Check registration requirements - Some businesses must register with the data protection authority and pay a fee. Use a self-assessment tool to find out if you need to register.

8. Set reminders - Stay up to date with data protection by checking for updates and setting regular reminders to review your compliance.

How can NQA support your data privacy goals?

⇒  One of the most effective ways to demonstrate a commitment to data privacy is by achieving UKAS accredited ISO 27001 (Information Security Management) and ISO 27701 (Privacy Information Management - Supporting GDPR Compliance) certifications. NQA can help you achieve these goals through our extensive e-learning and virtual training options.

⇒  ISO 27001:2022 is the international standard that provides a framework for Information Security Management Systems (ISMS) to provide continued confidentiality, integrity and availability of information as well as legal compliance. ISO 27001 certification is essential for protecting your most vital assets like employee and client information, brand image and other private information. The ISO standard includes a process-based approach to initiating, implementing, operating and maintaining your ISMS.

⇒  ISO 27701:2019 is an extension to ISO 27001 and provides a framework for establishing, implementing, maintaining, and improving a Privacy Information Management System (PIMS). It outlines how to protect personal data, manage privacy risks, and ensures that organisations are able to handle personal data in a secure and compliant way.

⇒  Adopting and implementing these standards is a great way of demonstrating to stakeholders that effective systems, assessed by a 3rd party, are in place to support compliance to GDPR and other related privacy legislation.

⇒  Find guidance and Information Security resources here.