In scope – useful hands-on guidance from IAPP authors for privacy pros on what to focus on when taking the very first steps to internalize the PbD principle.
It may come as a surprise to those of us buried under tons of privacy-related papers that the author suggests beginning with the internal privacy culture and getting C-level buy-in in this regard. However, it can be confirmed that this is in fact very true. At the least, this will make people listen, but it is, of course, not entirely enough. Click below to find out what should be brought to your attention next.
2 Replies to “‘Privacy by design’: does all begin with corporate privacy culture?”
Aside from the privacy particulars in the article, I would say that major cultural changes in an organization (including privacy) often need to start at the top and need C-suite buy-in. The IAPP article is a good introduction – I’m an IAPP member and get all of their emails and announcements, but sometimes it is too much when we are getting swamped with daily work….
Maybe I’m just being picky here, but the author is using PbD not data protection… PbD as defined by Ann is not the same as data protection by design by default (GDPR), although the roots of Data Protection by Design by Default are derived from the concept of PbD. To get ‘C’ level buy-in is required to achieve the latter but not the former – which are design choices targeted in the main at technology design/build, etc., by architects, programmers, etc.