Invest in Privacy by Design to comply with GDPR, warns EC official
Collibra welcomes Dennis Slattery as our guest blogger on the topic of GDPR
Paul Nemitz, Director for fundamental rights at the European Commission’s Justice Directorate said “companies should pay close attention to the GDPR’s brief but important mentions of privacy by design and security as mitigating factors when calculating potential fines for violations.”
With fines of up to EUR 20,000,000 or 4% of global annual turnover (whichever is larger), it is essential for organisations worldwide to pay attention to the GDPR's requirements for privacy by design. Having evidence of good practice is essential to mitigate potential fines in the event of cyber attacks or security lapses, whether within the organisation itself or at its outsourcing providers.
Privacy by design means more than putting check boxes on web pages or enhancing security. It means having a fundamental end-to-end understanding of how data is captured, transformed, held and destroyed. It means knowing the data’s location, its quality, the accountable person, and the controls around it.
GDPR has made 'privacy' a board level agenda item, with senior management held accountable. Organisations need effective governance and control capabilities that deliver the information and controls senior management need to ensure that good practice is followed and, where necessary, that remedial action is carried out quickly and effectively.
The data governance framework must be capable of maintaining accurate and timely information on data inventory, location, flow, quality, ownership, accountability and controls. Effective tools and a strong governance organisation structure are crucial parts of proving adherence to privacy by design and having the capability to respond efficiently to incidents if they happen.
On 18th October, A-team hosts the webinar "GDPR: How to build a data protection framework", which discusses the contribution that effective data governance methods and tools can make to GDPR compliance. Sarah Underwood from A-team discusses the approach Collibra takes to data governance with Koen Van Duyse, Subject Matter Expert Regulatory Compliance, Collibra, and Dennis Slattery, designer of the Data Management Agenda for Privacy at EDMworks and author of the GDPR: Key Facts and Impacts eLearning certification. I hope you'll join us for this important discussion.
Kindly republished with permission from Data Management Review
Guest Blog Author, Dennis Slattery
Dennis is CEO of EDMworks and has been working in Data Management since 1990. He is a recognised specialist in data architecture, governance and regulatory data management. He has advised leading banks and investment firms in the US, Europe and Asia on governance strategies and implementation.