Data Privacy Day, IO comments

The theme of this year’s Data Privacy Day is ‘You have the power to take charge of your data’ and is a call to action for businesses, governments and individuals to respect privacy, safeguard data, and enable trust.  For organizations it means providing data privacy is governed in practice, not just on paper.  We talk to Sam Peters, Chief Product Officer, IO for his views.

“Customers, partners and regulators now expect organizations to demonstrate how privacy is embedded into day-to-day operations.  Policies alone are no longer enough.  The real test is whether organizations can demonstrate strong information security foundations, clear ownership and consistent execution across people, technology and suppliers.”

“Similarly, a growing number of UK and US businesses now require GDPR compliance from their suppliers as a condition of doing business.  Data privacy has become a commercial expectation, not simply a regulatory one.  And organizations with weak privacy maturity are increasingly being exposed.”

“As we move through 2026, those gaps in privacy maturity will become harder to ignore.  The introduction of changes under the UK’s Data (Use and Access) Act 2025 will place renewed scrutiny on accountability.”

“Against this backdrop, effective data protection increasingly depends on strong information security foundations, clearly defined responsibilities and repeatable processes.  This is why standards-based approaches are gaining traction.  Frameworks such as ISO 27701 are being used to formalize privacy operations, helping organizations move from intent to execution by structuring data mapping, privacy-by-design and data subject rights management in line with evolving regulation.”

“Crucially, privacy cannot sit in isolation.  Integrated compliance, aligning data protection, information security, and AI governance, is becoming essential.  Organizations that take this joined-up approach are better positioned to manage risk, scale responsibly and adapt as regulatory and commercial expectations continue to rise.”

“On Data Privacy Day 2026, the message is clear.  Taking charge of data means taking responsibility for how privacy works in practice – across the organization and beyond.”