How to Prepare for Security and Privacy by Design and by Default, Once

This workshop will review article 25 and its requirements for Privacy and Security by Design and by Default, and then dive into a comprehensive approach for compliance, showing at least two levels of differentiation, starting with those companies that profile their customers (retailers and so forth).

By making it interactive, it is hoped that all attendees who desire to participate, can share where they are in their thinking and planning in this critical part of GDPR, thereby helping others to think through their own situation and needs.

Key Takeaways

• An understanding of the foundational critical success factors necessary for this effort to succeed:
  • Privacy and Security Risk Assessments and review and approval
  • The privacy principles that need to be implemented, beginning with Data Minimization, with appropriate controls, and monitored for effectiveness in achieving proper security, privacy and compliance
  • Data Categories for your data, at a minimum, if Data Classification is not in place
  • The need for a Privacy Inventory and what it should contain
• An understanding of the history of Privacy by Design by a quick review
• A substantial understanding of NIST’s Privacy Engineering Approach and what to adapt from that, plus where to go for more information
• An understanding of a sample Privacy Life Cycle with identified acceptable practices and risks to avoid
• An approach to devising your plan to be able to show evidence of compliance upon demand.