What should be top of Santa’s list in 2022?

It’s almost time for the big man to arrive and deliver presents to all the nice children around the world. But there are a few things he should start to seriously consider in 2022, as the ICyO and other jollystictions have dished out a fair few fines this year for unlawful data practices. In the third quarter alone, there were more than $1.1bn worth of fines issued – it sounds crackers but it’s true. Tipple the number issued in 2020!

As it’s the season of goodwill, we wanted to share a few privacy pointers that St Nick and you should think about next year. After all, it’s snow joke if you don’t protect your data.

How safe is Santa’s list?

We were unable to talk to Santa himself as he was far too busy, but sources say he keeps a long-written list with all the children’s names on alongside their choice of presents. One of the GDPR’s security principles is that you process personal data securely with ‘appropriate technical and organisational measures.’ Only Santa himself Noels if the list is protected (potentially by magic), but he should do a risk assessment to identify any potential issues and put processes and measures in place, such as pseudonymisation or encryption, to protect the children’s personal data. Should he have a data breach – a rogue elf shares the data, he mis-sleighs the list – the ICO could come down very heavy with a fine and claus a catastrophic situation.

💡 Check the ‘6 privacy mistakes every company makes’ whitepaper to see if you’re making some of the most common GDPR mistakes in your organisation.

How secure are Santa’s partners?

Third-party risk assessment is something to think about next year. It’s not good enough to turn a blind eye or not be curious about the way your supply chain handles your data. Why? A report by Ponemon Institute shows that 51% of businesses have suffered a data breach caused by a third party, with 44% suffering a breach within the previous 12 months.

If the elves and reindeer are ‘elf employed, St Nick must do a risk assessment and ensure they have all the right measures and systems in place to protect the children’s personal data to the same level he does. Next year Santa could consider ISO 27001 certification and ask his partners to do the same, to prove he and they are managing information security in line with international best practices.

💡 If you’re new to ISO 27001, our ‘Essential Guide to ISO 27001’ tells you all you need to know about this information security framework in a very simple way.

Replace cookies with mince pies from 2023

2023 seems a long way off, but cookies are being phased out by Google so they will no longer elf themselves to tracking data for advertising purposes. It doesn’t mean the end of marketing; it’s potentially the start of a sparkly phase of creativity that has begun already. Cookies will be fine for Santa this year, but we all need to start pudding consent front and centre when collecting data in 2022, 2023 and beyond.

💡 Get some cracking B2B and B2C marketing examples of cookieless marketing in our blog post: ‘3 Future-orientated marketing ideas without cookie tracking’

Is Santa transparent enough?

This is probably one of the hardest areas for those working in the North Pole, as it’s important to egg-nogledge the whole business is founded on mystery and magic. But now more than ever everyone expects to snow how you use their data, trust yule keep it safe and delete it when it’s no longer needed. People (including children) are more aware of their rights and the value of their data so the winners in 2023 will be those businesses who are completely transparent about all their data practices.

💡 J Cromack discusses this very point in his blog post: How data privacy is key to a successful business

Does Santa need a DPO ho ho?

Life would be much easier for Mr Claus if he outsourced all the above concerns to an independent DPO. He would be safe in the knowledge all his practices were compliant with local laws and confident no mince spies could access data or shine a light on any naughty data practices. As Santa is a busy man, he doesn’t want to be bamboozled with legalese, so he would work well with someone like us: we’ll talk his language (can’t you tell) and be present whenever he needs us. If anyone sees him, please let him know!

About the author

Ren Watson

As a results-focussed analyst, Ren has worked in many industries including finance, charity and start-ups and became interested in data protection as a focus over the last decade. Using her analyst skills alongside her data protection expertise, she has consulted with charity, media and energy companies to understand their data protection requirements and has provided guidance and support for implementation of multiple privacy programmes. Today, she provides multi-functional support and awareness within DataGuard and to clients to promote privacy beyond compliance.