Personal data management systems cannot be considered as static systems,
taking into account that their mobility and transformation result from the legal implications of each country and the corporate implications of each company...
There are innumerable lessons to be learned from the evolution and implementation of privacy systems around the world, from failures announced from the issuance of the rule to the lack of involvement by local authorities in matters of socialization and training on a brand-new subject in theory.
Despite the fact that during the last many years, several countries have included within their legislation general and specific regulations for the protection of personal data or privacy in the hope of protecting, in a special way, the personal data of their citizens, and framing them within a local normative body, the statistics show the low effectiveness on the part of the authority in the matter of follow-up and insertion of the rule and the lack of awareness about the population in general, including companies, as those liable for and in charge of the treatment of information.
Circulation of personal
data today undoubtedly
represents one of the great
inputs for leading-edge
companies and where
terms and conditions
for data transfers and
and uses, should be clear
from the very beginning
Enforcement and subsequent effectiveness of rules on privacy and protection of personal data, rather than generating an impact on citizen consciousness, have only demonstrated the intention of punishing inappropriate behavior by the regulator, which enforceability is determined by the conception of privacy principles as fundamental rights, or simply, the accessory support to frame a company's freedom with some precautions.
Personal data protection authorities, after having looked for an independent place in the structures of the state for many years, have finally obtained an autonomous nature, together with the necessary tools to face and manage new challenges arising from both the new digital world and the new transversal legislation.
Circulation of personal data today undoubtedly represents one of the great inputs for leading-edge companies and where terms and conditions for data transfers and transmissions, purposes, and uses should be clear from the very beginning. Local authorities in charge of the regulations and protection of personal data, despite generating an environment of legal security, have invested in or modified the natural conduit in search of greater effectiveness, where they have focused on corporate training and cohesion measures and have forgotten the ordinary citizen as the holder of rights.
Through the insertion of the General Data Protection Regulation in the EU, challenges for companies that have legal and commercial relations with Europe are even greater, and living compliance systems in terms of privacy must be the main input of companies, where a system itself is fed by employees, generating an environment and a culture of privacy based on the training and business knowledge.
The efforts of personal data protection authorities should focus on building trust, training, and preparing for the future. Undoubtedly, a trained citizen is a conscious ruleof-law subject and with the ability to spread the message and to assert his or her interests and those of his or her environment. But a trained employee, who keeps the culture of privacy in the DNA, will not only be aware of his or her rights and duties but also understand the company's privacy system and become part of the structure of compliance as an active subject.
Given the state of things, new challenges posed by a globalized environment have put most laws in check due to the static situation thereof. Personal data management systems cannot be considered as static systems, taking into account that their mobility and transformation result from the legal implications of each country and the corporate implications of each company.
The way of sharing and focusing on a globalized environment has changed the way people think and communicate; we are facing a digital revolution, where technological challenges are increasing and where a legislator has to reach the frenzied rhythm of technology, in particular, in the face of privacy and data sharing processes.
Assets of the digital revolution are growing and varied, and the way of sharing personal data is much more diverse, opening unexplored channels and providing innovative services. The personal data protection authority must be part of the digital revolution, evolve within its environment, and lead the state-of-the-art protection mechanisms.
It is clear that in these modern times, the way of communicating a message makes a difference, and the inability to communicate it correctly, misinterpretation, or even the improper selection of a communication channel are some factors that cause difficulties to properly recognize and interpret a specific message, or in the worst case, cause the opposite effect. In a world governed by millennials, where data traffic encompasses most of their relations with the world, an assertive communication strategy, using modern channels, easily accessible, and without bureaucracy, will ensure a better understanding of a moving-up data protection system, making them become a part of the cultural change, necessary to achieve greater effectiveness.
Socialization carried out by experts of the same social or cultural group, the inclusion of modern channels, and a message easy to understand without legal technicalities will surely guarantee the collective awareness in a subject that requires the intervention of an average citizen to control the same environment of sharing.
Finally, in order to face transversal legislation challenges, such as the European challenge, the updating and penetration of training and socialization channels, the companies, together with the data protection authorities, should work hand in hand on the management of pillars of change based on the identification of new risks, evolution and focused training, and the simplicity of the systems and penetration channels. Once the results of the management of pillars of change are obtained, it will be possible to design a new privacy system, incorporating it into the DNA of each company (and its employees) and in the common citizen.
Disclaimer – The views expressed in this article are the personal views of the author and are purely informative in nature.