Embedding Data Protection By Design
Data protection by design & default is a key requirement of GDPR. The aim is to ensure that data protection becomes part of your organisational DNA, rather than an adjunct. The concept is not new, but it is now a legal requirement.
Data protection impact assessments form a key part of data protection by design, but do not ensure compliance on their own. Data protection by design requires privacy to be considered from the inception of any new activity, through build, operation and ultimately closure. Whether it be a marketing campaign, IT project or customer service process, you should be considering privacy & data protection implications, creating an audit trail of decisions taken and changes implemented. Get this right and it forms the core of accountability.
This is a complex and challenging area, so to support our clients we have developed a series of propositions that will help them to understand and implement data protection by design & default.
Data Protection by Design Health Check
Data protection by design & default is a foundation stone of accountability. It involves considering privacy at key points through product and service lifecycles, enabling you to create an audit trail of relevant decisions taken and changes implemented. This is a key component of demonstrating accountability.
Embedding it across your organisation will not come from a single consulting engagement; it should be a process of continuous improvement. The question is where to begin.
Our health check engagement will provide you with:
- An understanding of which processes should encompass data protection by design;
- A gap analysis by process;
- A set of prioritised recommendations;
- An action plan to achieve compliance.
This will provide you with a baseline for data protection by design and default, allowing you to put in place an improvement plan to reach your end goal.
Data Protection Impact Assessment
Data protection impact assessments (DPIAs) are not something that many organisations will need to conduct on a regular basis. Legally, they are only required where the proposed service / product poses a high risk to impacted individuals or new technologies are involved.
For organisations without retained expertise, these can be daunting. This is where we can help by conducting a DPIA on your behalf.
Our DPIA service will provide you with:
- A structured approach to undertaking a DPIA;
- Preparation of the DPIA and review with key stakeholders;
- Regulatory engagement (if required);
- Engagement at key points across the project lifecycle to ensure data protection recommendations are being adhered to.
This will provide you with the confidence that your legal obligation to undertake a DPIA has been met.
We created DP Assure as a service-based approach to providing privacy & data protection advice to our clients. Our aim is to be an extension of your team, acting as a trusted advisor. By getting to know you, we will be in a better position to offer you pertinent and timely advice.
Data protection by design & default involves embedding data protection into the DNA of your organisation. In our view, this is best achieved through an iterative, supportive approach rather than a one-off consulting engagement. As part of DP Assure we get to know your organisation, providing access to expertise that can be used to guide and support you through the implementation of data protection by design. This is an alternative approach to a conventional consulting engagement, providing you with a cost-effective approach to addressing regulatory change.
If this sounds interesting, see DP Assure for more information.