What should be top of Santa’s list in 2022?

It’s almost time for the big man to arrive and deliver presents to all the nice children around the world. But there are a few things he should start to seriously consider in 2022, as the ICyO and other jollystictions have dished out a fair few fines this year for unlawful data practices. In the third quarter alone, there were more than $1.1bn worth of fines issued – it sounds crackers but it’s true. That’s tipple the number issued in 2020!

As it’s the season of goodwill, we wanted to share a few privacy pointers that St Nick and you should think about next year. After all, it’s snow joke if you don’t protect your data.

How safe is Santa’s list?

We were unable to talk to Santa himself as he was far too busy, but sources say he keeps a long-written list with all the children’s names on, alongside their choice of presents. One of the GDPR’s security principles is that you process personal data securely with ‘appropriate technical and organisational measures.’ Only Santa himself Noels if the list is protected (potentially by magic), but he should do a risk assessment to identify any potential issues and put processes and measures in place to protect the children’s personal data, such as pseudonymisation or encryption. Should he have a data breach – a rogue elf shares the data, he mis-sleighs the list – the ICO could come down very heavily with a fine and claus a catastrophic situation.

💡 Check the ‘6 privacy mistakes every company makes’ whitepaper to see whether you’re making some of the most common GDPR mistakes in your organisation.

How secure are Santa’s partners?

Third-party risk assessment is something to think about next year. It’s not good enough to turn a blind eye or not be curious about the way your supply chain handles your data. Why? A report by Ponemon Institute shows that 51% of businesses have suffered a data breach caused by a third party, with 44% suffering a breach within the previous 12 months.

If the elves and reindeer are ‘elf employed, St Nick must do a risk assessment and ensure they have all the right measures and systems in place to protect the children’s personal data to the same level he does. Next year Santa could consider ISO 27001 certification and ask his partners to do the same, to prove that he and they are managing information security in line with international best practices.

💡 If you’re new to ISO 27001, our ‘Essential Guide to ISO 27001’ tells you all you need to know about this information security framework in a very simple way.

Replace cookies with mince pies from 2023

2023 seems a long way off, but cookies are being phased out by Google, so they will no longer elf themselves to tracking data for advertising purposes. It doesn’t mean the end of marketing; it’s potentially the start of a sparkly phase of creativity that has begun already. Cookies will be fine for Santa this year, but we all need to start pudding consent front and centre when collecting data in 2022, 2023 and beyond.

💡 Get some cracking B2B and B2C examples of cookieless marketing in our blog post: ‘3 Future-orientated marketing ideas without cookie tracking’.

Is Santa transparent enough?

This is probably one of the hardest areas for those working in the North Pole, as it’s important to egg-nogledge that the whole business is founded on mystery and magic. But now more than ever, everyone expects to snow how you use their data, trust yule keep it safe and delete it when it’s no longer needed. People (including children) are more aware of their rights and the value of their data, so the winners in 2023 will be those businesses that are completely transparent about all their data practices.

💡 J Cromack discusses this very point in his blog post: ‘How data privacy is key to a successful business’.

Does Santa need a DPO ho ho?

Life would be much easier for Mr Claus if he outsourced all the above concerns to an independent DPO. He would be safe in the knowledge that all his practices were compliant with local laws, and confident that no mince spies could access data or shine a light on any naughty data practices. As Santa is a busy man, he doesn’t want to be bamboozled with legalese, so he would work well with someone like us: we’ll talk his language (can’t you tell?) and be present whenever he needs us. If anyone sees him, please let him know!


About the author

Ren Watson

As a results-focussed analyst, Ren has worked in many industries including finance, charity and start-ups and became interested in data protection as a focus over the last decade. Using her analyst skills alongside her data protection expertise, she has consulted with charity, media and energy companies to understand their data protection requirements and has provided guidance and support for implementation of multiple privacy programmes. Today, she provides multi-functional support and awareness within DataGuard and to clients to promote privacy beyond compliance.
