The Privacy Guy – Privacy Promise 8 – Privacy by design & by default

As everyone who has read his thoughts and watched his videos knows, The Privacy Guy is one seriously cultured individual. Without culture he would be nothing. He’d be an empty shell of a man. A man in an ill-fitting grey suit with a clipboard, ticking boxes and shouting, “Computer says no!” In short, he would be an unsuccessful man.

By Nigel Jones

Co-Founder of The Privacy Compliance Hub

March 2020

Nobody sets out wanting to be unsuccessful. Likewise, nobody sets out with the intention of creating an unsuccessful data protection compliance programme. Nobody sets out with the intention of failing to prevent data breaches. But what does “success” really mean in data protection terms? At The Privacy Compliance Hub, we think it means that your people understand what personal data is. They know the basics and they care about them. And they know enough to ask questions when they know that something isn’t right. It is that culture that enables your organisation to achieve success and prevent data breaches.

Make your people understand, care and do

The people in your organisation need to understand what privacy by design and by default means. Once they understand, they will care. And if they care, they will do what they can to help establish privacy by design and by default in your company culture. At The Privacy Compliance Hub, we provide a simple platform to make people understand and care. At its very heart is privacy by design and by default.

The comprehensive privacy compliance programme contained within our platform is based upon our unique Eight Privacy Promises.  Helping everyone understand those Eight Privacy Promises is our very own Privacy Guy who guides you through what it means and what it takes to comply with the law.

Privacy Promise 8 – We build privacy into everything we do

This is the last of our Eight Privacy Promises.  In other words, we promise to adopt a privacy by design and by default approach throughout our organisation.  It may be the final promise, but it cuts across everything that an organisation does.

What The Privacy Guy needs you to understand

The Privacy Guy needs you to understand that you need to make your products and processes less privacy intrusive.  Your staff need to understand that they should think about minimising or eliminating the use of personal data where possible.

You need to understand that privacy and data protection have to be at the forefront of decision making, not an afterthought.  Privacy compliance needs to be embedded in your product development, procurement and processes.

All your staff need to understand that privacy and data protection are about much more than security.  They are about keeping personal information safe, but they are also about giving individuals rights in relation to their personal information and making it easy for those individuals to exercise their rights. 

The Privacy Compliance Hub, its screens, its features and how it helps organisations to establish and maintain a culture of continuous privacy compliance.

Why The Privacy Guy thinks you should care

Let’s think about a world without data protection.  Soon, every product or service you purchase will process detailed personal information about you.  Without data protection, organisations will know where you live; who you live with; how much you sleep; how, why, when and where you travel; how much you drink and eat; what is in your fridge; how much you exercise (or don’t); what medical conditions you have; what your mental state is; what you aspire to; what your political ideologies are; who your friends are; when and where you go on holiday and who with.  Those organisations will then share that personal information with each other, or sell it.

That is why you should care about how your organisation processes personal information.

What The Privacy Guy needs you to do

You need to make sure that all your staff understand and care about protecting personal information and ensuring individuals have rights in relation to that personal information.  Your staff need to understand the importance of data protection impact assessments (DPIAs) and when to use them.

All your people need to know the importance of building privacy into everything that you do – all your processes, products and services.  They need to know who to ask when they think that something doesn’t seem right from a data protection perspective.

Finally, and perhaps most importantly, people need to ask whether they really need to collect and/or use that personal information in the first place.

Our Founders, Karima Noren and Nigel Jones, explain their vision for The Privacy Compliance Hub, what makes it different, and how it enables organisations to own their compliance.

A culture of continuous privacy compliance

At The Privacy Compliance Hub, we help organisations establish and maintain a culture of continuous privacy compliance by making everyone in an organisation understand privacy, care about privacy and do their bit to protect personal information. Privacy by design and by default is at the heart of that culture. Unless privacy by design and by default is built into everything you do, privacy is not part of your organisation’s culture. Our platform contains a structure, a programme, a route map, records, information, reporting and training to enable all organisations to build that culture and comply with privacy rules including the GDPR and the CCPA.

