Privacy by design checklist: how to build a proactive data strategy
Following a privacy by design checklist can be the difference between meeting or failing to meet the GDPR requirements.
To combat these alarming figures, the EU launched the General Data Protection Regulation (GDPR), which came into effect in May 2018.
In a bid to get ready, many companies asked how they could make their policies compliant with the new rules.
But we believe this is the wrong question.
For threat prevention to be resilient, your IT security must be more than just reactive. Rather than focusing on bending your current security policies to meet the GDPR guidelines, you need to build in privacy by design.
Let’s take a look at three key ways to build a proactive privacy by design framework and increase the power of threat detection.
Privacy by design principle #1: security health checks
Frequent security health checks play an important role in ensuring policies and procedures are followed correctly. However, only 25 percent of companies have completed an internal cyber security audit in the last 12 months.
To mitigate risk, your company must conduct semi-annual audits. These can be done internally or externally. These audits should include:
- Security risk assessments
- Vulnerability assessments
- Penetration testing (testing a computer system in order to find vulnerabilities that an attacker could exploit).
To build self audits into your privacy by design framework you’ll need to:
- Plan ahead: ensure minimal disruption by letting your company know well in advance.
- Promote the benefits: be vocal with your teams about why you are auditing.
- Be open to feedback: ask your team about how your security plan affects their work.
Privacy by design principle #2: secure online backups
In 2015, a staggering 81 percent of people cited security as their main cloud concern. Thankfully, opinions regarding the cloud are changing. Vivek Kundra, former federal CIO of the United States, says that:
“Cloud computing is often far more secure than traditional computing, because tech companies can attract and retain cyber-security personnel of a higher quality than many governmental agencies.”
Files stored in cloud services are some of the safest available. If you migrate to the cloud, use protected cloud applications and adopt secure password policies, your data is far less likely to suffer the same vulnerabilities as data held on-premises.
John L. Miller, PhD in distributed systems, states the following as key reasons the cloud is safer:
- Redundancy: cloud services typically store at least three copies of each piece of data, all in different, geo-redundant locations
- Security: cloud data centers are physically secure. There are also many ways to protect your local device using cloud-powered Identity Access Management and Enterprise Mobility Management.
Privacy by design principle #3: Layered defence
Depending on a single security solution is a recipe for disaster. Layered defence creates multiple layers of protection across your network.
When designing your privacy by design framework, make sure you are implementing several layers of protection. These should include:
- Anti-virus software: 65 percent of survey respondents use anti-virus software (AVS)
- Biometric authentication: retina scan, facial recognition and fingerprint scan are some of the most trusted security features in the UK
- Firewalls: 43 percent of those surveyed have firewalls installed
Unfortunately, due to the ever-growing sophistication of malware, AVS has struggled to keep pace. As a result, AVS is no longer deemed secure enough on its own. For maximum protection, deploy multiple measures to create a resilient security matrix.
Privacy by design requires secure foundations
There are no quick fixes when it comes to data privacy. To ensure GDPR compliance across your company, you must go back to your security foundations and build in privacy by design.
When designing your strategy remember to:
- Ensure your company is compliant at all times by doing regular security audits
- Protect against data loss or corruption by keeping secure online backups
- Protect yourself from malicious attack with layered defence
A proactive data privacy strategy is built from the ground up with privacy in mind. If you would like to find out more about the ways Doherty can help you build privacy by design into your business, get in touch today.