The 4-step guide to data privacy

Step 1: Analyze

Quality In, Quality Out

Background Research

  • Survey Results: Some organizations make the mistake of thinking a survey is all you need in the input phase. While surveys won’t give you all the answers, they can provide valuable information when combined with other input elements, especially your interviews.
  • IT System Documents: Chances are you have some kind of documentation of your organization’s IT system. Even if it’s a couple of years out of date, it can offer some valuable insights about how you handle personal data.
  • Data Discovery Tool: There are tools on the market that can automatically track down data across your organization; however, not all are equally effective, and not all organizations can afford them. While these tools can be extremely helpful for midsize-to-larger businesses, smaller organizations may not need them due to their smaller number of systems.

Interviews with Business and IT Teams

Step 2: Plan

Step 3: Implement

  • Updating existing policies and third-party contracts
  • Writing new policies
  • Implementing system changes such as access control, consent management, and other security measures, as well as capacities to accommodate data subjects’ rights (halt data processing for those who opt out, delete data without “orphaning” other records, etc.)
  • Creating procedures for required actions, such as accommodating a data subject’s request to access or erase her data, after verifying the that data subject is who she says she is so you don’t accidentally contribute to identity theft

Step 4: Govern and Train



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store