Privacy by design checklist: how to build a proactive data strategy



Following a privacy by design checklist can be the difference between meeting or failing to meet the GDPR requirements.

In 2017, 47 percent of people had personally been victims of data fraud, and 37 percent worried about their data privacy.

To combat these alarming figures, the EU launched the General Data Protection Regulation (GDPR), which came into effect in May 2018.

In a bid to get ready, many companies asked how they could make their policies compliant with the new rules.

But we believe this is the wrong question.

For threat prevention to be resilient, your IT security must be more than just reactive. Rather than focusing on bending your current security policies to meet the GDPR guidelines, you need to build in privacy by design.

Let’s take a look at three key ways to build a proactive privacy by design framework and increase the power of threat detection.

Privacy by design principle #1: security health checks

Frequent security health checks play an important role in ensuring policies and procedures are followed correctly. However, only 25 percent of companies have completed an internal cyber security audit in the last 12 months.

To mitigate risk, your company must conduct semi-annual audits. These can be done internally, or externally. These audits should include:

- Security risk assessments
- Vulnerability assessments
- Penetration testing (testing a computer system in order to find vulnerabilities that an attacker could exploit)

To build self audits into your privacy by design framework you’ll need to:

- Plan ahead: ensure minimal disruption by letting your company know well in advance.
- Promote the benefits: be vocal with your teams about why you are auditing.
- Be open to feedback: ask your team about how your security plan affects their work.

Privacy by design principle #2: secure online backups

In 2015, a staggering 81 percent of people cited security as their main cloud concern. Thankfully, opinions regarding the cloud are changing. Vivek Kundra, former federal CIO of the United States, says that:

"Cloud computing is often far more secure than traditional computing, because tech companies can attract and retain cyber-security personnel of a higher quality than many governmental agencies."

Files stored in cloud services are some of the safest available. By migrating to the cloud, using protected cloud applications and enforcing secure password policies, your data is far less likely to suffer the same vulnerabilities as data held on-premises.

John L. Miller, PhD in distributed systems, states the following as key reasons the cloud is safer:

- Redundancy: cloud services typically store at least three copies of each piece of data, all in different, geo-redundant locations.
- Security: cloud data centres are physically secure. There are also many ways to protect your local device using cloud-powered Identity and Access Management and Enterprise Mobility Management.

Privacy by design principle #3: Layered defence

Depending on a single security solution is a recipe for disaster. Layered defence creates multiple layers of protection across your network.

When designing your privacy by design framework, make sure you are implementing several layers of protection. These should include:

- Anti-virus software: 65 percent of survey respondents use anti-virus software (AVS)
- Biometric authentication: retina scan, facial recognition and fingerprint scan are some of the most trusted security features in the UK
- Firewalls: 43 percent of those surveyed have firewalls installed

Unfortunately, due to the ever-growing sophistication of malware, AVS has struggled to keep pace. As a result, AVS is no longer deemed secure enough acting alone. For maximum protection, deploy multiple measures to create a resilient security matrix.

Privacy by design requires secure foundations

There are no quick fixes when it comes to data privacy. To ensure GDPR compliance across your company, you must go back to your security foundations and build in privacy by design.

When designing your strategy remember to:

- Ensure your company is compliant at all times by carrying out regular security audits
- Protect against data loss or corruption by keeping secure online backups
- Protect yourself from malicious attack with layered defence

A proactive data privacy strategy is built from the ground up with privacy in mind. If you would like to find out more about the ways Doherty can help you build privacy by design into your business, get in touch today.


Written By: Doherty
