What is data privacy?
Data privacy refers to the proper handling, processing, storage, and use of personal information to protect the confidentiality and integrity of individual’s data. It ensures that personal information is not only secured, but also remains accurate, and is only used for its intended use.
Data privacy encompasses the policies, procedures and practices that organisations adopt to ensure personal data is collected, used, and shared in a lawful and transparent manner. These practices must comply with legal obligations such as GDPR and other application data protection laws, and must extend beyond the organisation itself to include third-party vendors such as data processors who may also be handling the data.
Modern data privacy frameworks emphasise individual rights and control over personal information. Individuals should be empowered with specific data rights including the ability to access their personal data, request its deletion, and correct inaccuracies. Legal frameworks such as GDPR mandate providing clear mechanisms for users to be able to manage their own data preferences and consent through the life of the data.
How does data privacy differ from data security?
While related, data security is a subset of data protection that focuses on protecting data from unauthorised access, use, disclosure, disruption, modification, or destruction. Data privacy governs the lawful and fair collection, processing, and use of personal information, regardless of whether a security breach has occurred.
Together, data security and data privacy form the foundation of data protection, which ensures that data is not only safeguarded but also handled in a manner that respects legal and ethical obligations.
Related pages
- Data controller
- Data processor
- GDPR
- Data privacy laws