It’s almost time for the big man to arrive and deliver presents to all the nice children around the world. But there are a few things he should start to seriously consider in 2022, as the ICyO and other jollystictions have dished out a fair few fines this year for unlawful data practices. In the third quarter alone, there were more than $1.1bn worth of fines issued – it sounds crackers but it’s true. Tipple the number issued in 2020!

As it’s the season of goodwill, we wanted to share a few privacy pointers that St Nick and you should think about next year. After all, it’s snow joke if you don’t protect your data.


How safe is Santa’s list?

We were unable to talk to Santa himself as he was far too busy, but sources say he keeps a long written list with all the children’s names on it alongside their choice of presents. One of the GDPR’s security principles is that you process personal data securely with ‘appropriate technical and organisational measures.’ Only Santa himself Noels if the list is protected (potentially by magic), but he should do a risk assessment to identify any potential issues and put processes and measures in place, such as pseudonymisation or encryption, to protect the children’s personal data. Should he have a data breach – a rogue elf shares the data, he mis-sleighs the list – the ICO could come down very heavy with a fine and claus a catastrophic situation.


💡 Check the ‘6 privacy mistakes every company makes’ whitepaper to see if you’re making some of the most common GDPR mistakes in your organisation.


How secure are Santa’s partners?

Third-party risk assessment is something to think about next year. It’s not good enough to turn a blind eye or not be curious about the way your supply chain handles your data. Why? A report by Ponemon Institute shows that 51% of businesses have suffered a data breach caused by a third party, with 44% suffering a breach within the previous 12 months.

If the elves and reindeer are ‘elf employed, St Nick must do a risk assessment and ensure they have all the right measures and systems in place to protect the children’s personal data to the same level he does. Next year Santa could consider ISO 27001 certification and ask his partners to do the same, to prove he and they are managing information security in line with international best practices.


💡 If you’re new to ISO 27001, our ‘Essential Guide to ISO 27001’ tells you all you need to know about this information security framework in a very simple way.


Replace cookies with mince pies from 2023

2023 seems a long way off, but cookies are being phased out by Google so they will no longer elf themselves to tracking data for advertising purposes. It doesn’t mean the end of marketing; it’s potentially the start of a sparkly phase of creativity that has begun already. Cookies will be fine for Santa this year, but we all need to start pudding consent front and centre when collecting data in 2022, 2023 and beyond.


💡 Get some cracking B2B and B2C marketing examples of cookieless marketing in our blog post: ‘3 Future-orientated marketing ideas without cookie tracking’


Is Santa transparent enough?

This is probably one of the hardest areas for those working in the North Pole, as it’s important to egg-nogledge the whole business is founded on mystery and magic. But now more than ever everyone expects to snow how you use their data, trust yule keep it safe and delete it when it’s no longer needed. People (including children) are more aware of their rights and the value of their data so the winners in 2023 will be those businesses who are completely transparent about all their data practices.


💡 J Cromack discusses this very point in his blog post: How data privacy is key to a successful business


Does Santa need a DPO ho ho?

Life would be much easier for Mr Claus if he outsourced all the above concerns to an independent DPO. He would be safe in the knowledge all his practices were compliant with local laws and confident no mince spies could access data or shine a light on any naughty data practices. As Santa is a busy man, he doesn’t want to be bamboozled with legalese, so he would work well with someone like us: we’ll talk his language (can’t you tell) and be present whenever he needs us. If anyone sees him, please let him know!

