KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, celebrates Data Privacy Day with practical and impactful recommendations to help individuals and organisations take charge of their data security.
In an age where data is constantly collected, shared, and monetised, Data Privacy Day serves as an annual reminder about the importance of protecting and facilitating online privacy. Data Privacy Day began in the United States in January 2008 as an extension of the Data Protection Day celebration in Europe and is officially led by NCSA in North America. The National Cybersecurity Alliance has expanded it into Data Privacy Week, with the 2025 theme ‘Take Control of Your Data’, which encourages individuals to reclaim their digital autonomy through simple, actionable steps to make informed privacy choices. For organisations, the message emphasises the need to respect and prioritise users’ data privacy.
Data privacy is more critical than ever, especially when social media platforms, AI chatbots and connected devices have increased publicly available digital footprints. This creates opportunities for the misuse of personal information and data traces which can lead to incidents of identity theft, financial fraud, and even psychological harm.
Recognising the shared responsibility of safeguarding data, DePaula shares the 10 top tips for individuals and organizations to help take control of their data in 2025:
Tips for Individuals
- Vet your apps and tools: Before using new apps, check their data usage policies, control options, and origin to ensure they are trustworthy.
- Optimise IoT device privacy: Adjust settings in your IoT device apps to enhance privacy, such as disabling voice recordings, limiting data storage, or controlling ad preferences.
- Educate your family: Discuss online safety with family members, especially children, covering topics like avoiding sharing personal information, recognizing suspicious links, and managing location sharing.
- Set up a reputable password manager: Use it for critical accounts and generate strong, unique passwords.
- Enable multi-factor authentication (MFA): Activate MFA, preferably with a FIDO token, for critical accounts as an added layer of protection.
Tips for Organisations
- Minimise data collection: Only collect and store data that is essential for business operations. Eliminate unnecessary personal or payment information.
- Communicate transparency in privacy policies: Clearly explain what data is collected, how it is used, and with whom it is shared.
- Train employees: Educate all employees on data protection regulations, while training them to recognize the latest social engineering attacks and other security risks.
- Encrypt personal data: Protect personal data—at rest and in transit—from unauthorized access or exposure.
- Vet vendors and partners: As a ‘responsible party’, your organization is responsible and accountable for protecting the data of its subject – even if the processing is outsourced to third parties. Ensure that any external parties handling your organization’s data maintain a high standard of privacy and protection.
“The new year brings a wave of challenges, especially with the rapid advancements and creation of AI-driven technologies,” said DePaula. “For AI to function effectively, it relies on vast amounts of data being collected and utilised, which raises important questions about privacy, transparency, and ethics. It is up to every organization to take responsibility, not just in regard to how data is handled, but in fostering a culture of accountability. “We have an obligation to build and maintain trust as we navigate our digital landscape.”
For more insights and best practices on data privacy, visit www.knowbe4.com.
