“Privacy by design” as a phrase may seem like common sense. After all, who on Earth would want to have their data monitored or outright stolen? Well, no one WANTS that to happen, but you would be surprised how few organisations are pro-actively thinking about that when designing or implementing policies/procedures.

The Privacy by Design framework dictates that privacy and data protection are embedded throughout the entire life cycle of technologies, from the early design stage through deployment, use and ultimate disposal or disposition. The foundational concept is that organizations need to build privacy directly into technology, systems and practices at the design phase, thereby ensuring the existence of privacy and appropriate controls from the outset. It’s a key recommendation of the upcoming EU GDPR.

I know you’re probably tired of hearing about GDPR.

GDPR isn't just standard data protection waffle. It's a whole new way of approaching personal data. And it's obvious when an organisation hasn't even bothered to attempt to comply. It has to be stressed that the main threats to your business with regards to GDPR isn't directly from the ICO but rather employees and clients who will want assurance that you can properly demonstrate that you know what you're actually doing.

Do you have the policies and procedures in place for identifying and addressing the different lawful basis for processing data?

No doubt with the latest privacy scares in mind, but also to comply with the upcoming EU GDPR, Apple are implementing a large-scale overhaul of their privacy controls on all Apple devices from iOS 11.3 onwards (with over 1 billion iPhones sold and counting, that’s a LOT of devices).

Just for a start the Cupertino giant is:

1) Introducing new privacy icons that shows up when Apple first asks to use your data.

2) Introducing four new tools that let you:
    a - Get a copy of your data
    b - Request a correction to your data
    c - Deactivate your account
    d - Delete your account

You might have heard this week of the big news regarding Facebook’s major privacy problems. The personal data of at least 50 million Facebook users was practically given away to a shadowy data analytics firm known as Cambridge Analytica, now known for its devious methods to influence elections and carry out blackmail operations.

That may seem like a big deal, but let’s be honest, this kind of thing probably happens far more and on a much more regular basis than anyone would like to admit. I’m willing to bet that the vast majority of ad-based tech companies have APIs and business models that are ripe for systematic privacy violations.

The so-called right to be forgotten (RTBF) is probably one of the most actively debated aspects of the original proposal by the EU Commission for the General Data Protection Regulation.

Article 17(1) of the GDPR establishes that data subjects obtain the right to have their personal data erased if:

• the data is no longer needed for its original purpose and no new lawful purpose exists;
• the lawful basis for the processing is the data subject’s consent, the data subject withdraws that consent, and no other lawful ground exists;
• the data subject exercises the right to object, and the controller has no overriding grounds for continuing the processing;
• the data has been processed unlawfully; or erasure is necessary for compliance with EU law or the national law of the relevant member state