Privacy has gone from something that virtually nobody cared about to something that is on the news daily.  Organisations used to ignore privacy. While some organisations are still sticking their heads in the sand, both regulators and the public are demanding change.  And organisations can’t afford to ignore it any longer.

Successful organisations will be those that innovate and protect personal information.  It is not a choice. Privacy compliance needs to be part of your organisation’s DNA.  If you don’t do it, your competitors will. And your competitors will win.

That means that you need to embed a privacy by design and default approach into your organisation’s culture before you are the loser.

Are you sure you know what privacy by design and by default mean?

In short, it means that at the earliest stage of any new initiative in your organisation and throughout that initiative’s life cycle you will ensure that privacy principles are implemented.  In other words, as your new initiative develops you will always be considering whether personal information is being used, whether it needs to be used, whether it can be minimised, how it is to be protected and how individuals’ rights in relation to it will be provided.

Are you sure you know how to achieve privacy by design and by default?

First, make sure that all your staff understand what it means.  Second, make them care.  Finally, give them the tools to do something about it.

If all your staff are trained properly they will understand it.  If you make it clear that it is an important part of your organisation’s culture and there are consequences for not following it, then they will care.  And if you provide them with a structure and documentation to enable them to follow a privacy by design and default approach, they will have no excuses not to get on and do it!

This means that all your staff understand the importance of things like data minimisation, the rights of individuals under the GDPR, transparency and anonymisation.

Are you sure you know when to use a data protection impact assessment?

You need to use a privacy impact assessment (data protection impact assessment) if the new product / process / methodology you are considering is a high risk to the rights and freedoms of individuals.

Do you wish this was all a bit easier?

It really isn’t that hard.  But we do this all day every day.  We are able to cut through the noise and make things quicker and easier.  At The Privacy Compliance Hub we use our Eight Privacy Promises to help organisations like yours build and maintain a comprehensive data protection compliance programme with privacy by design and by default at its heart.

This article is part of an eight-part series.  Feel free to check out the others:

GDPR: Are you sure you’re fine?

  1. Are you sure your staff know why the GDPR is important to the success of your organisation?
  2. Are you sure you know what you do with people’s data?
  3. Are you sure you tell people what you do with their data?
  4. Are you sure you trust organisations that you are sharing data with?
  5. Are you sure that nobody will complain?
  6. Are you sure you’re secure?
  7. Are you sure you know which countries keep data safe?
  8. Are you sure you build products and services with privacy in mind?