Implementing a by design and by default approach
Abstract
Building upon the concept of privacy by design, security and data protection by design and by default are important obligations within the General Data Protection Regulation (GDPR) and associated national legislation. This paper seeks to summarise some practical approaches to developing an effective capability to deliver by design requirements: (1) a whole project lifecycle design approach; (2) a contextual risk-based approach; (3) a goals and principles approach; and (4) integration of safeguards/controls into operational use. By default, meanwhile, requires: (1) an "only processing that is necessary" approach; and (2) not releasing data to unauthorised people.
The full article is available to subscribers to the journal.
Author's Biography
Richard Preece is director of DA Resilience Limited. In his various roles, he provides consultancy on cyber risk, data protection and overall organisational agility and resilience. He has designed and delivers GCHQ-certified training courses via the OSP Cyber Academy, and is an executive fellow on the Henley Business School GDPR Integration Programme. He was a co-opted panel member of the recent British Standards Institute (BSI) BS 31111:2018 Cyber Risk and Resilience — Guidance for Boards and Executive Management. He is a co-opted member of the BSI’s governance panel for standards. Among various qualifications, he holds two master’s degrees, including an MSc in design of information systems.