Demonstrate Data Protection by Design for IT Systems


Design to build in privacy from the start.

Major Business Pain Points

  • The most direct way for an organization to demonstrate its commitment to privacy is to develop a full-scale privacy program.
  • However, going from zero to hero just isn’t realistic for smaller organizations, which need a more incremental approach to privacy and data protection, but one that still shows they take these issues seriously.

Recommendations

Key Points

1. Data protection by design (DPbD) can be the foundation of a full privacy program.

  • It’ll be a light implementation, but the controls you use for data protection will serve later as building blocks for something larger and more formally laid out.

2. Privacy by design (PbD) and DPbD are not how-to guides.

  • Rather, they provide a functional way of understanding abstract principles, so exactly what each principle means will vary by organization and industry.

Approach

  • While a full-scale privacy program is nice to have, it is not absolutely necessary to demonstrate commitment to privacy and data protection.
  • By planning for data protection by design in your IT systems, you will be able to determine what controls are necessary and then account for privacy protection at every step of the data lifecycle.
  • By following this approach, you will also be laying the foundation for a complete privacy program to develop, but with the advantage of knowing that your program is tactically addressing the privacy constraints your organization faces.

Methodology and Tools

Executive Brief

Read the concise Executive Brief to find out why you should implement a data protection by design program and to review the methodology.

  • Demonstrate Data Protection by Design for IT Systems – Executive Brief
  • Demonstrate Data Protection by Design for IT Systems – Phases 1-2

1. Determine what data protection by design means for you

Discover how data protection by design relates to the privacy by design framework and how to use regulations to crystalize what data protection by design means for your organization.

  • Demonstrate Data Protection by Design for IT Systems – Phase 1: Determine What Data Protection by Design Means for You
  • Threat and Risk Assessment Tool
  • Data Protection Impact Assessment Tool

2. Plan for IT-system data protection by design implementation

Implement the principles of data protection by design for your IT systems and use governance effectively to fill any gaps in preexisting systems.

  • Demonstrate Data Protection by Design for IT Systems – Phase 2: Plan for IT-System Data Protection by Design Implementation
  • Data Protection by Design Matrix
  • Data Protection by Design IT Systems Record

All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.