Compliance with the Data Protection Act (1998) is a legal requirement in the UK and meeting these requirements establishes a minimum level for data privacy. Most established UK businesses already comply with the DPA, and I am pleased to report that many satisfy the information security requirements of the DPA using the best-practice guidance provided by the ISO 27001 standard.
However, data privacy can be complex to achieve across all strategic and operational areas of an organisation, and it requires that senior managers are fully aware of the implications.
Privacy impact assessments (PIAs) are at the heart of taking a ‘privacy by design’ approach. They allow organisations to find and fix problems at the early stages of any project, reducing the associated costs and damage to reputation that might otherwise accompany a breach of data protection laws and regulations. Such projects could include a new business acquisition, a new service, or just a new marketing campaign targeting a group of new prospects. Privacy impact assessments also help to meet the growing privacy and data security expectations of customers, employees and other stakeholders.
Privacy by design
The ‘privacy by design’ approach is recommended by the UK Information Commissioner’s Office (ICO), as outlined in its report ‘Conducting privacy impact assessments code of practice’. Although it has been a long time coming (nearly four years!), the EU General Data Protection Regulation (GDPR) will also confirm that privacy impact assessments are mandatory for larger projects. While it is estimated that the EU GDPR will take up to two years to implement in all member countries, the importance of privacy impact assessments has been reinforced by their future inclusion in the data privacy laws of every country in Europe.
The IT Governance Ltd training programme is dedicated to helping UK IT professionals and their organisations achieve both compliance with the Data Protection Act and the implementation of effective data privacy controls using PIAs. This is supported by our DPA Foundation Training Course and unique Privacy Impact Assessment (PIA) Workshop.
The Privacy Impact Assessment (PIA) Workshop is a one-day classroom session designed to provide delegates with the practical knowledge to deliver effective PIAs. It costs just £350 + VAT, with the next session running in London on 26 February 2016.