European Data Protection Day, observed every year on 28 January, was established by the Council of Europe and is linked to Convention 108, the first legally binding international instrument on the protection of personal data. The day serves as a reminder that the right to privacy is a fundamental human right — especially in a time when personal information is increasingly collected, stored and processed digitally.
Personal data are not merely technical entries in databases and systems. They are fragments of people’s lives. They include health information, personal experiences, vulnerable moments and deeply private aspects of identity. When individuals share such information, they do so with the expectation that it will be handled with care, confidentiality and respect.
For organisations such as Kapa3, which work closely with patients and people in vulnerable situations, data protection goes far beyond legal compliance. It is a matter of dignity and trust. Health data — including information related to both physical and mental health — belong to the most sensitive categories of personal data. Inadequate protection or misuse can lead to stigma, discrimination and a profound sense of insecurity.
Within the European Union, the General Data Protection Regulation (GDPR) provides a common framework to ensure that individuals retain control over their personal information. Rights such as informed consent, access to data and the ability to request deletion are not administrative formalities. They are essential safeguards that protect human integrity, particularly in the context of healthcare and social support.
According to the World Health Organization (WHO), confidentiality and ethical governance of health data are fundamental to the provision of safe and high-quality care. Trust between patients and healthcare or support organisations is strengthened when personal information is managed transparently, responsibly and within clearly defined limits.
European Data Protection Day is not only an occasion to reflect on legal obligations or technical safeguards. It is an opportunity to consider how we approach privacy as a core element of respectful and ethical care. Protecting personal data is ultimately not about technology — it is about protecting the people behind the data and the trust that underpins every meaningful human relationship.
Sources:
- Council of Europe — Convention 108
- European Data Protection Board (EDPB) — GDPR & Special Categories of Data
- World Health Organization (WHO) — Health Data Governance & Confidentiality
- Hellenic Data Protection Authority – Greece
Text/adaptation: Ifiyenia Anastasiou for Kapa3
