All this information can come from multiple sources: personal and payment data from private and public companies, browsing and shopping data, behaviour data from social networks; data extracted from all kinds of devices such as smartwatches, sensors... Its applications are numerous and thanks to this amount of information, artificial intelligence systems have been launched, digital platforms that offer personalised services, predictive algorithms with applications in health, finance, marketing... However, we cannot lose sight of the main generators of all this information: people.
The importance of data protection and privacy in the age of technology
Digital transformation is not just a matter of efficiency or innovation. It is an opportunity to build a fairer, more inclusive and more human future. And on that path, having all the necessary measures to protect data and its privacy ensures that technological progress is made with respect, with ethics and with responsibility.
Here we enter the field of cybersecurity, in which privacy enhancement technologies (PET) play a fundamental role. These are tools that protect personally identifiable information (PII) and minimise security risks. And they achieve this without losing the functionality of that information – that is, they allow data to be used that would otherwise be unavailable to improve services and advance technologically, while complying with current legislation.
Their use not only helps respect privacy regulations and data protection but also guarantees the security of the business as a whole by preventing breaches and improving its resilience.
Protecting data is not just about complying with the law: it is about safeguarding the freedom and trust of millions of people. At Iberdrola, we apply ethical principles and advanced technologies so that each innovation respects privacy by design.
What the law says about data protection and privacy
Today, more than ever, we must understand privacy not just as a legal requirement, but as a strategic value. Protecting personal data is protecting the freedom, autonomy and dignity of each individual. It is recognising that behind each piece of data there is a story, a life, a person.
In a digital environment where everything is measured, analysed and predicted, privacy acts as a guiding principle that helps ensure that technological development remains aligned with ethical values and respect for individual rights.
The importance of properly protecting data makes it necessary to have regulations that provide a foundation on which companies must work. One of the pioneering and most influential is the General Data Protection Regulation (GDPR) enacted by the European Union in 2018. This law affects any organisation that processes the data of EU citizens, even if its headquarters are outside the EU.
Among the keys to its compliance are explicit consent to store and use data, data minimisation, the right to be forgotten, portability and notification of security breaches within 72 hours.
It also protects against the collection and use of data on a person's racial or ethnic origin, sexual orientation, political opinions, religious or philosophical convictions, trade union membership, health or biometric data (except with explicit consent) or criminal offences with the aim of preventing any kind of discrimination.
For its part, the United Kingdom created the UK Data Protection Act 2018, its own version of the GDPR following Brexit. In the case of the United States, there are no federal regulations that apply across the country; instead, each state or sector has designed its own rules. However, in the rest of the countries of the world, legislation is being implemented at the national level that addresses data processing by private entities with differences applied to each region.