Awareness is spotlighted as a critical element of data protection and privacy. Modern users of online services are called upon to act as informed users, being aware of the concept of privacy, the underlying risks, the solutions, and their rights. In order to achieve the required awareness, it is particularly crucial, already from school age, to familiarise and educate children with the concepts of personal data, privacy and the risks that may arise. Ideally, starting from school, the pursuit of a culture of privacy is sought which includes a set of behaviours, beliefs, habits and rules when using online services and disclosing personal information.
On the other hand, the flip-side of users’ awareness is the awareness of companies and other organisations that collect and process personal data, which is vital for the application of appropriate data management practices and eventually for being compliant with the GDPR and other data protection provisions. Corporate awareness, especially for SMEs, is often personified by the role of the Data Protection Officer (DPO), that, according to the Article 39 of the GDPR, has the task to inform and advise the controller or the processor and the employees.
The GDPR, under Article 57, explicitly assigns to the Data Protection Authorities (DPAs) the task to promote public awareness and understanding of the risks, rules, safeguards and rights in relation to processing of personal data.
The byDefault project, identifying the needs for data protection and privacy education and for an open knowledge source for DPOs and privacy professionals, pursues two strategic goals:
• To raise data protection and privacy awareness among the critical social group of children.
• To provide DPOs and privacy professionals with continuous support in their activities, beyond a basic level, aiming towards specialised guidance on selected key sectors.
The byDefault project has received funding from the European Union’s Citizens, Equality, Rights and Values Programme (CERV) under grant agreement No. 101074939 and coordinated by the Hellenic Data Protection Authority.
Project start date: September 1, 2022
Project end date: August 31, 2024