Privacy and data protection considerations

If people entrust your company with their personal data, it is your responsibility to protect it. GDPR provides a good framework even if it doesn’t apply in your geography.

Below is a list of things you can do in no particular order which I use as a cheat sheet when I start up a data protection programme in a company.

Inventory

Make an inventory of all personal data you hold. Know (and document) what and how you collect, why you collect it, who you share it with and where and how long it is being stored.

Honour the rights of individuals

Develop comprehensive processes to support data subject access requests (right to be informed through consent and notice, right to access and data portability, right to erasure, etc.).

Privacy and security by design

Make privacy, compliance and data protection considerations during product development with regular review and testing. Minimise and don’t store beyond necessary.

Technical security measures

Implement technical controls to protect customer data, for example access control, encryption, logging and monitoring.

Processes for breach response

Establish an end-to-end incident identification and response process to handle security and privacy incidents as part of the broader security strategy.

Awareness and training

Provide data protection and privacy training for staff. Extra points for regular bespoke education and awareness sessions addressing topical issues.

Data Protection Officer

Appoint a data protection officer and get legal support. Perform data identification and classification. Make conducting privacy impact assessments on new projects a habit. Involve relevant stakeholders.

Legal framework

Get on top of data protection addendums to agreements, vendor management, client consent management and cross-border transfer agreements.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s