Data Privacy Best Practices

Data Privacy Best Practices Emerging from Leading Organizations

Data privacy best practices provide guidance to organizations on how to obtain and manage compliance readiness. Best practices cover areas such as breach notification, territorial scope, DPIAs, binding corporate rules, data portability, and data protection officers. Several regulatory and standards organizations have developed best practices to help companies understand their responsibilities and to provide prescriptive guidance on implementing policies and controls. These best practices can be considered policy and process oriented, but do not make specific technological recommendations.

What Are Some Examples of Privacy Best Practices?

• The European Data Protection Board (EDPB) has developed many guidelines for compliance with GDPR. This responsibility was set forth in Article 70 of the GDPR.
• The Business Software Alliance (BSA) has created a regulation neutral set of guidelines for data privacy. These guidelines represent practices that benefit all companies’ privacy efforts regardless of the regulation.
• The National Institute for Standards and Technology has a data privacy framework for organizations to leverage for data privacy readiness. This framework is regulation neutral and provides guidance for operations, policies, and controls to implement and manage data protection and privacy.
• The Personal Data Protection Commission (PDPC) in Singapore provides guidance for complying with the Singapore Personal Data Protection Act (PDPA).

What Are Best Practices/Requirements for Privacy Technology?

• Automation and Integration of Privacy Tasks: With the growing complexity and number of privacy regulations, organizations can not rely on manual processes.  Privacy regulations touch broad swaths of a companies data, staff, processes and business partners. Without automation, compliance readiness and management would require unrealistic staff and collaboration challenges to organizations.
• Machine Learning (ML), Natural Language Processing (NLP) and Artificial Intelligence (AI): In support of automation, ML, NLP and AI allow the organization to track privacy data in context and not bound but rigid rules and policies.  Privacy data is dynamic and occurs in many forms and these capabilities allow organizations to keep track and manage exponentially growing, geographically dispersed and structurally diverse data and data sets.
• Scalability: Most organizations will double their data every 18 months; in addition, new users, new applications and business partners will require organizations to monitor broad landscapes for privacy readiness and compliance.

Here are additional resources to learn more about data privacy best practices:

• European Data Protection Board, “GDPR: Guidelines, Recommendations, Best Practices”
• Business Software Alliance, “Global Privacy Best Practices”
• National Institute for Standards and Technology, Data Privacy Framework
• Technopedia, “Better to Ask Permission:  Best Practices for Privacy and Security”

You just learned about Data Privacy Best Practices, now explore related terms like Data Privacy, Data Governance, Transparency, Data Privacy Risk, Privacy Impact Assessments, The NIST Privacy Framework, and Privacy by Design.