Demonstrate Data Protection by Design for IT Systems
Claiming to take privacy seriously isn’t enough; it’s time to show your work.
- The most direct way for an organization to demonstrate their commitment to privacy is to develop a full-scale privacy program.
- However, going from zero to hero just isn’t realistic for smaller organizations who need a more incremental approach to privacy and data protection, but one that still shows they take these issues seriously.
Our Advice
Critical Insight
- Data protection by design (DPbD) can be the foundation of a full privacy program.
- It’ll be a light implementation, but the controls you use for data protection will serve later as building blocks for something larger and more formally laid out.
- Privacy by design (PbD) and DPbD are not how-to guides.
- Rather, they provide a functional way of understanding abstract principles, so exactly what each principle pair means will vary by organization and industry.
Impact and Result
- While a full-scale privacy program is nice to have, it is not absolutely necessary to demonstrate commitment to privacy and data protection.
- By planning for data protection by design in your IT systems, you will be able to determine what controls are necessary and then account for privacy protection at every step of the data lifecycle.
- By following this approach, you will also be laying the foundation for a complete privacy program to develop, but with the advantage of knowing that your program is tactically addressing the privacy constraints your organization faces.
Demonstrate Data Protection by Design for IT Systems Research & Tools
Start here – read the Executive Brief
Read our concise Executive Brief to find out why you should implement a data protection by design program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.
1. Determine what data protection by design means for you
Discover how data protection by design relates to the privacy by design framework and how to use regulations to crystalize what data protection by design means for your organization.
2. Plan for IT-system data protection by design implementation
Implement the principles of data protection by design for your IT systems and use governance effectively to fill any gaps in preexisting systems.
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Need Extra Help?
Speak With An Analyst
Get the help you need in this 2-phase advisory process. You'll receive 4 touchpoints with our researchers, all included in your membership.
Guided Implementation 1: Determine what data protection by design means for you
- Call 1: Data Protection Planning
- Call 2: Assessing Risk and Privacy Issues
Guided Implementation 2: Plan for IT-system data protection by design implementation
- Call 1: Practical DPbD
- Call 2: Demonstrating DPbD
Contributors
- Paul Withers, PGC, Data Protection Manager at Walsall Metropolitan Borough Council
- Patrick Lo, CISSP, CIPP/C, CEO at Privacy Horizon Inc.
Privacy by Design for Digital Marketing
Build a Data Privacy Program
Mature Your Privacy Operations
Discover and Classify Your Data
Fast Track Your GDPR Compliance Efforts
Secure Your High-Risk Data
Ensure Your Pandemic Response Plan Is Privacy-Proof
Comply With the California Consumer Privacy Act
Build an Effective Data Retention Program
Demonstrate Data Protection by Design for IT Systems
Tech Trend Update: If Digital Ethics Then Data Equity
Prepare to Privacy-Proof Your AI Technology
Prepare for PCI DSS v4.0
Comply With the California Privacy Rights Act