Data Protection Day, celebrated annually on January 28th, highlights the importance of safeguarding personal information in a digital world. Originally launched by the Council of Europe in 2006, the day aims to raise awareness about privacy rights and the ethical use of personal data.
With the rise of cyber-attacks and data breaches, championing online safety and data protection is more important now than ever before. The ICO reported that 69% of people who experienced a data breach reported that it had a negative impact on their lives, including loss of trust, emotional distress and even financial loss. As such, data protection plays a huge part in keeping customers,clients and employees happy.
“Data is one of the most valuable resources of the modern day, and it is vital businesses protect this crucial asset. Worryingly, however, the UK Government’s recent Cyber Security Breaches survey has shown that only 22% of UK businesses have a formal incident response plan in place,” said Glenn Akester, Technology & Innovation Director, Networks & Security at Node4.
He continued, “As such, until a major crisis occurs, most business recovery and continuity plans will remain underfunded and undervalued. This leaves them open to catastrophic events or cyber-attacks, putting valuable company and customer data at risk. It is vital that organisations start taking a proactive approach to data security, rather than driving it forward solely on an incident-by-incident basis. In the long term, recovery proves to be significantly more expensive than the costs associated with protection and defence.”
Addressing best cyber security practices for data protection, Bruce Kornfeld, Chief Product Officer at StorMagic, recommended that “first, CIOs must institute a comprehensive security framework that addresses as many vulnerabilities as possible while staying within budget. Second, businesses need to put in place strong data encryption policies so that if any bad actors make it through the security protections, the data they retrieve will still be unusable – and customer privacy will be maintained.”
In 2025 organisations should prioritise data resilience to ensure that business operations can continue, even if the worst happens. To increase resilience, companies can store one copy of critical data offline and offsite and use airgapping to prevent threats from bypassing cybersecurity defences and spreading between systems. The LTO Marketing Team suggested that “tape storage is a prime example of an air-gapped solution – while the on-premises and/or cloud storage could be compromised in minutes due to a successful threat, data stored on tapes would remain untouched. It is then a simple process to restore data to get business operations back up and running before the impact of the incident causes permanent damage.”
Understanding data is crucial to protecting it, you can’t protect your data if you don’t know how much you have, where it is stored, and how it is being used. Paolo Platter, CTO and Co-founder at Agile Lab and Product Manager on Witboost commented, “For many businesses, data is being used in a multitude of different ways, making it difficult to ensure every process is compliant every single time.”
In 2025, new data privacy regulations, including the Data (Use and Access) Bill, will tighten control over personal data usage and access. Organisations will face stricter compliance requirements, increased transparency obligations, and more robust enforcement mechanisms. Platter added, “Automating key data management operations, such as data contracts, can play a vital role in governing and monitoring data processes. Data contracts ensure data is produced, collected, and stored according to the rules that are agreed upon. This not only ensures that all handling of data abides by regulatory laws, but also provides IT and security teams with greater oversight of the data and a better ability to protect it.”
The increasing frequency and sophistication of cyber-attacks means for many businesses, it is now a matter of when, not if, an attack will happen. Businesses must therefore prioritise rapid recovery in order to build resilience and return to business as usual as soon as possible after an attack. Darren Thomson, Field CTO EMEAI at Commvault, explained, “Businesses must embrace the concept of a minimum viable company – the ability to maintain essential operations and services even in the aftermath of a cyberattack. Traditional reliance on backups is no longer enough, as cybercriminals have adapted, embedding malware into backups or using sleeper ransomware that activates after restoration.
“This makes clean recovery strategies essential,” he continued. “Having a minimum viable company requires the ability to restore critical systems in a secure, malware-free environment, which is possible today thanks to virtual cleanrooms in the cloud. These environments can be adapted as needed, allowing for regular testing at a minimal cost and ensuring rapid, reliable recovery when it matters most.”
The new threat when it comes to data protection is AI. AI can pose significant risks due to its ability to process vast amounts of personal data, often without full transparency or user consent. Additionally, improperly secured AI systems may lead to breaches and unintended data exposure, raising concerns about privacy. Therefore as AI becomes a part of daily life, it is crucial to address its impact.
AI regulations remain in their infancy, but are being put in place to ensure innovation is ethical and doesn’t compromise data protection. Organisations looking to use AI must therefore take the initiative and incorporate methods to ensure use is ethical, and steps are taken to assess and address any privacy risks associated.
“It is essential to implement ‘privacy by design’ into AI systems by default rather than bolting on privacy in retrospect,” outlined Martin Davies, Audit Alliance Manager at Drata. “This not only ensures compliance with data privacy regulations but also builds trust with users and creates safer, more secure digital systems. This means incorporating privacy protections into the product and software engineering lifecycle to help ensure the cradle-to-grave handling of customer data is explicitly identified, communicated, intentional, and handled appropriately. This guarantees the secure handling of customer data. As regulatory frameworks evolve, organisations that act early to develop secure AI systems will be better positioned to thrive in a landscape that balances innovation with robust data protection.”
In conclusion, Data Protection Day serves as a reminder of the importance of data protection. With rising cyber threats, organisations must enhance their security practices and invest in resilient systems to ensure business can recover quickly following an attack. As data becomes more valuable, the adoption of robust security measures are essential to safeguarding sensitive information.