"Data Privacy" & "Data Security" Conundrum
"Data Privacy" & "Data Security" Conundrum
Data privacy and data security are widely perceived as one and the same, but they are distinctly different.
Understanding the difference is crucial to defining the policies and the protection required for GDPR
compliance.
This oversimplifies a complex area, but privacy decisions focus on what personal data to collect, who can
access it and when, how it is used, with whom it is shared and how long it is kept. Security is the set of
technical and organizational controls that safeguard personal data from unauthorized access, maintain its
integrity and ensure it is available when needed. Privacy principles are the heart of GDPR, and enforcing
them requires the right technology, processes and behavior. So it is not 'either/or' but 'and': privacy and
security have to work together to achieve the best result.
Privacy by design – it’s all about building trust
Taking a proactive approach is what privacy by design is all about. Don't let privacy be an afterthought.
Whether readying existing systems and processes for GDPR or starting a new project, being clear about the
privacy impacts early helps identify issues sooner, improves organizational awareness and ultimately makes
the requirements easier to meet.
Considering privacy early and often helps build trust in your organization. Customers and prospects are
increasingly looking for vendors who can demonstrate their commitment to privacy. Rather than a burden,
it can become a key differentiator.
You can't have privacy without security, but you can have security without privacy. The right security is
essential to underpin privacy obligations. Think of the bank teller: they have the authority to access your
account, but they should only exercise it when the transaction is authorized by you, for example with the
card and PIN you present when walking into a branch. Authentication and authorization are the security
controls; using that access only for the transaction you asked for is the privacy obligation.
Like privacy by design, secure by design principles ensure security is considered from the outset for new
systems, applications and processes. For those already in place, aim for the most appropriate protection
achievable. For example, letting customers authenticate with a second factor helps protect their personal
data against someone who has stolen their password; an authenticator app or hardware security key is a
stronger second factor than a one-time code sent by SMS or email, both of which can be intercepted or
redirected. Robust cybersecurity protection, data encryption at rest and in transit, and data leak
prevention play a key role in defending against attack, human error and malicious actions. Role-based
access controls restrict access to personal data to those whose role actually requires it. As data subjects,
we too need to be more vigilant about protecting our privacy: who do you give your data to, and what
passwords do you use? Consumers will gravitate to organizations that can demonstrate appropriate security
controls when managing their personal data.
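The point that security and privacy are layered, not interchangeable, is easiest to see at a single enforcement point. The example below is added here and is not code from the original article: one function that first applies a security control (role-based access) and then the privacy controls the article lists (purpose limitation, consent, retention and data minimisation). The roles, purposes, retention periods and customer records are all constructed for the illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Security layer: role-based access. A role is bound to the purposes it may act for.
# (Roles and purposes are constructed for this example.)
ROLE_PURPOSES = {
    "support_agent": {"handle_support_ticket"},
    "billing_clerk": {"process_payment"},
    "marketing_analyst": {"campaign_analytics"},
}

# Privacy layer: per purpose, the fields that may be disclosed (data minimisation),
# how long after the last customer interaction the data may still be used (retention),
# and whether a specific consent is required. Values are illustrative assumptions.
PURPOSE_POLICY = {
    "handle_support_ticket": {"fields": {"name", "email"}, "retention_days": 365},
    "process_payment": {"fields": {"name", "billing_address"}, "retention_days": 7 * 365},
    "campaign_analytics": {"fields": {"email"}, "retention_days": 90,
                           "requires_consent": "marketing"},
}


@dataclass
class CustomerRecord:
    name: str
    email: str
    billing_address: str
    last_interaction: date
    consents: set = field(default_factory=set)


class AccessDenied(Exception):
    """Raised by the enforcement point; the message carries no personal data, so it is safe to log."""


AUDIT_LOG = []  # who accessed which fields, when, and for which purpose


def access_personal_data(record, role, purpose, today):
    """Enforcement point: return a minimised view of `record` or raise AccessDenied."""
    # 1. Security: the role must be permitted to act for this purpose at all.
    if purpose not in ROLE_PURPOSES.get(role, set()):
        raise AccessDenied(f"role {role!r} is not permitted purpose {purpose!r}")
    policy = PURPOSE_POLICY[purpose]
    # 2. Privacy: retention. Data past its retention period is off limits even to an authorised role.
    age_days = (today - record.last_interaction).days
    if age_days > policy["retention_days"]:
        raise AccessDenied(f"record exceeds retention for {purpose!r} "
                           f"({age_days} > {policy['retention_days']} days)")
    # 3. Privacy: consent, for purposes that require one.
    needed = policy.get("requires_consent")
    if needed and needed not in record.consents:
        raise AccessDenied(f"no {needed!r} consent on record for {purpose!r}")
    # 4. Privacy: minimisation. Only the fields the purpose needs leave this function.
    view = {name: getattr(record, name) for name in sorted(policy["fields"])}
    AUDIT_LOG.append({"date": today.isoformat(), "role": role,
                      "purpose": purpose, "fields": sorted(view)})
    return view


def describe_access(record, role, purpose, today):
    """Wrapper returning ('allowed', view) or ('denied', reason) instead of raising."""
    try:
        return "allowed", access_personal_data(record, role, purpose, today)
    except AccessDenied as exc:
        return "denied", str(exc)


# Constructed sample data for the demonstration (not real people).
TODAY = date(2024, 3, 1)
RECENT = CustomerRecord("Ada Lovelace", "ada@example.com", "1 Example Street",
                        date(2024, 1, 10))
STALE = CustomerRecord("Charles Babbage", "charles@example.com", "2 Example Street",
                       date(2023, 6, 1), {"marketing"})

if __name__ == "__main__":
    requests = [
        (RECENT, "support_agent", "handle_support_ticket"),   # allowed, name + email only
        (RECENT, "support_agent", "process_payment"),         # denied: wrong role (security)
        (RECENT, "marketing_analyst", "campaign_analytics"),  # denied: no consent (privacy)
        (STALE, "marketing_analyst", "campaign_analytics"),   # denied: past retention (privacy)
        (STALE, "support_agent", "handle_support_ticket"),    # allowed: longer retention for support
    ]
    for rec, role, purpose in requests:
        print(role, purpose, describe_access(rec, role, purpose, TODAY))
    print("audit entries:", len(AUDIT_LOG))
```

The same record can be in scope for one purpose and out of scope for another: the stale record is still usable for a support ticket (365-day retention) but not for campaign analytics (90 days), even though the analyst's role check passes and the customer consented. That is the distinction the article draws: passing the security check is necessary, but the privacy rules decide what is actually disclosed, and the audit log answers "who accessed it and when".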
So, what are our top tips when considering privacy and security?