Data Privacy Day has evolved from a symbolic reminder into a strategic checkpoint for organisations navigating an increasingly complex digital landscape. As artificial intelligence, cloud ecosystems, and regulatory expectations reshape how data is created and consumed, privacy has become inseparable from trust.
“Data Privacy Day is a reminder that privacy is fundamentally about trust—how responsibly organisations protect and control the data they are entrusted with,” says Omar Akar, VP – METCA at Pure Storage. “As data volumes grow and regulations evolve, privacy can no longer be addressed through policy alone. It must be built into the way data is stored, accessed, and governed across the enterprise.”
That shift places infrastructure squarely at the centre of privacy strategy. “Strong data privacy begins with secure foundations,” Akar adds. “Built-in encryption and robust key management play a critical role in protecting sensitive information at rest, supporting privacy objectives and enabling organisations to manage regulated and mission-critical data with confidence. As regulatory frameworks such as GDPR and DORA continue to raise expectations around accountability and resilience, maintaining clear ownership and control of data has become essential.”
Yet privacy today extends far beyond storage. Morey Haber, Chief Security Advisor at BeyondTrust, argues that data privacy is no longer a simple cybersecurity control or compliance checkbox. “It reflects how deeply interconnected the modern world has become between businesses, governments, and consumers,” he says. “Every interaction, financial transaction, remote authentication, and geolocation ping generates personal data.”
Haber points out that personal data erosion increasingly occurs through legitimate use rather than breaches. “The more customised the experience, the more data is shared behind the scenes to present tailored content just for you. As such, personal data privacy erodes not only through cybersecurity breaches, but through thousands of legitimate exchanges that aggregate into detailed digital profiles about us.”
This reality leads to a difficult conclusion. “There is no such thing as absolute data privacy,” Haber says. “The real question is what data are you willing to share?” He warns that scale and business models designed to monetise information make privacy harder than ever to achieve. “True personal data privacy requires visibility into all of this data, with control assigned to the individual user—not the business or government entity.”
Artificial intelligence has further intensified these challenges. Andre Troskie, EMEA Field CISO at Veeam Software, notes that AI has moved from hype to real business advantage, placing data firmly under the spotlight. “Organisations have to learn to walk the tightrope between keeping data secure without compromising usability,” he says.
Troskie cautions that weak data resilience now limits innovation. “Immature data resilience isn’t just a security risk anymore—it’s a roadblock for organisations looking to access the true potential of AI.” While the technology may feel new, the foundations remain unchanged. “Impact assessments, data standardisation, governance, and validation will all remain essential,” he says. “New tools and AI breakthroughs can crumble in an instant if just one of those foundational measures is missing.”
Meanwhile, the scale and persistence of modern threats continue to widen the gap between awareness and behaviour. Gerald Beuchelt, CISO at Acronis, highlights how convenience still overrides caution. “Weak passwords, reused credentials, and casual use of unsecured networks remain common, even as the impact of compromise becomes more serious and far-reaching,” he says.
Beuchelt explains that privacy risk is now defined by exposure over time. “Attackers operate with automated infrastructures that run continuously, testing credentials and scaling data theft at a pace individuals cannot manage alone.” Closing this gap, he says, requires both usable security tools and disciplined habits focused on reducing unnecessary exposure.
In the Middle East, privacy expectations are accelerating alongside regulatory momentum. Keyur Shah, Associate Field CISO at Sophos, notes that the region is moving decisively toward privacy-by-design. “With PDPL implementation accelerating, DIFC strengthening individual rights, and GCC countries prioritising data sovereignty, expectations around safeguarding personal information are rising fast,” he says.
At the same time, Shah warns that attackers are increasingly targeting people rather than systems. “Cybercriminals are exploiting stolen identities through SMS and WhatsApp scams, impersonation, and social engineering. In today’s market, an identity breach quickly becomes a privacy breach.”
AI itself introduces new risks that demand careful governance. Chris Cochran, Field CISO and Vice President of AI Security at SANS, urges organisations to rethink how their data is exposed to AI systems. “AI systems learn from public web content by default,” he says. “If you own a website, your content may already be in the training stream.”
Cochran also cautions against the unchecked use of AI-powered browsers and agents. “Malicious content can trigger indirect prompt injection, causing agents to leak stored context or prior data,” he says, advocating data minimisation as the simplest and most effective protection.
Looking ahead, privacy is becoming a daily operational discipline rather than a legal exercise. Harun Baykal, Head of Cybersecurity Practice for the Middle East and Africa at NTT DATA, observes that AI has changed the privacy equation. “The risk isn’t only leaks; it’s what models can infer and how quickly data gets reused across tools, prompts, and pipelines,” he says.
Baykal points to “shadow AI” as an emerging concern, where employees use consumer AI tools without oversight. “The best organisations don’t treat privacy as a brake on innovation,” he says. “They collect less, keep it for less time, limit access, and prove the controls work.”
This Data Privacy Day, the message from industry leaders is consistent. Privacy is no longer about ticking boxes. It is about control, transparency, and trust—values that will ultimately determine how successfully organisations navigate the next phase of digital and AI-driven transformation.
