Why privacy first?

New data regulations have made strong data privacy management indispensable for any organization that collects or uses personal data. Obviously, that means all of us!

Along with the pressure to keep up with higher standards for privacy in order to avoid fines and sanctions, there is an even more compelling reason for companies to make privacy a priority: to meet the demands of consumers.

Privacy first = customer first

People today know the value of their data and are aware of the risks and consequences of it being misused, leaked, or lost.  Your customers want and deserve the best possible privacy management you can provide.

Therefore, privacy management and proper data ethics are key ingredients that add to your company’s brand value. 

However, most companies still have not put the necessary resources into their privacy programs to keep up with global standards or satisfy the needs of consumers, and so fall far short of the mark.   

What about your company? Of course, running a business requires you to juggle a number of goals and priorities. But where does privacy management fall on your list?  

What is a privacy first culture?

A privacy-first culture makes privacy the default for data processing throughout your organization, while still letting you use data you control to its fullest potential. 

Creating a privacy-first culture within your organization is about much more than just legal compliance. It means placing privacy as a top priority in your overall data strategy. This requires central supervision and cooperation from all branches and departments. 

Privacy culture > Privacy strategy

Privacy laws are directed at businesses, or “data controllers”, in general, but your business has its own unique requirements. This makes the specifics of compliance tricky to navigate and apply. Unfortunately, there is no perfect checklist that can guarantee compliance, especially since more than one set of regulations may apply to you and your customers.

Establishing a privacy-first culture in your workplace as the standard by which you collect data is the right path forward.

The good news is that it is easier to establish a privacy-first culture now, rather than waiting to review your practices until an issue is raised or a breach is found.  

Start by knowing what types of data must be kept private, where that data is stored, who has access to it, and how secure it is. 

Understand the types of data that must be kept private

First, educate your team.

Whenever you and your employees accept information about someone, you should quickly recognize the types of data that must be protected:

Personally identifiable information (or PII) is defined as information that can (alone or in combination with other data) identify an individual.

Sensitive PII, or sensitive data, is a subcategory of personal information that, if compromised, may cause greater harm to the person (financial or otherwise).  

This may include: 

  • Government-issued ID numbers (driver’s license, CPR, Social Security, etc.)
  • Financial information, like bank numbers and passwords
  • Health information
  • Race or ethnic background
  • Political opinions and religious or philosophical beliefs
  • Membership in a trade union
  • Sex life or sexual orientation
  • Genetic data and biometric data

Tip: Make sure that your employees recognize personal and sensitive data and understand the importance of protecting it. Anytime you share it, use encryption to protect it in transit, and store it in secure folders with password protection. Try ShareSimple, our user-friendly add-in for Outlook for safe file sharing by email.

    Where is data stored, and who can access it?

    Next, raise awareness of where and how data is stored.

    In most companies, each department processes data differently, and for different purposes.  

    The accounting department, the marketing department, the HR department, IT… etc., all handle and store different personal data of varying degrees of sensitivity.  

    Do all your employees have free access to upload and download to and from your cloud environment? Imagine how much data you can accumulate as a company.

    Indeed, for most companies, the volume of data scattered across multiple data lakes, databases, apps, plus email accounts and personal computers is massive. 

    Monitoring these petabytes of data in a dynamic work environment becomes nearly impossible without dedicated software.  

    Monitor and flag sensitive data

    Interestingly, regulations don’t always have very specific requirements for how you protect personal data, but they do require you to track it and have a plan/system in place to protect all the PII you store.  

    To illustrate, a lifeguard cannot prevent every emergency, but he must always have his eyes on the water and be quick to minimize or eliminate hazardous situations and behaviors. Tools he can use to avoid ever grabbing a lifesaver ring include an elevated stand, binoculars, warning flags, etc.  

    Likewise, a company DPO should also keep their “eyes on the water” by maintaining visibility of all company data, flagging it by sensitivity, and recognizing risky processes and behaviors. Then, they can easily implement best practices for data storage.  

    But the level of visibility required to do this effectively creates a need for specific tools. 

    Privacy first software

    Data discovery software can collect and categorize all your team’s data by sensitivity. This gives your DPO a bird’s-eye view of all your data and its security and privacy risk level. It can also get your whole team involved so they become more privacy-aware.

    DataMapper automates data discovery and classification of data assets and sensitive information across all your storage systems. 

    DataMapper uses:

    • AI for speed and accuracy 
    • An advanced data detection engine with built-in and custom data elements for effective data discovery. 
    • Artificial intelligence, machine learning, and natural language for contextual analysis to accurately detect sensitive data in structured and unstructured systems. 
    • Simultaneous scans for faster data discovery. 
    • Multiple format search to discover and flag all your sensitive data. 

    Develop a privacy-first culture by educating your team and increasing privacy awareness. Set up strong privacy management practices that include safe file sharing and sensitive data discovery.  Above all, prioritize privacy. This will build trust and loyalty in your customers and employees. And as an added bonus, you’ll stay on the right side of global regulations! 

    Sebastian Allerelli

    Governance, risk, and compliance specialist