The Golden Rules of Data Privacy

Data Privacy - The New Reality

Organizations face challenges and opportunities with new data privacy regulations. If they follow these golden rules, they can find success with their GDPR compliance.



Develop a data inventory within your organization, map the information flow, and understand the impact of the GDPR in your organization

Develop a GDPR compliance strategy to describe steps the company will follow to demonstrate compliance. Key elements of this strategy should include:

  • Maintain records of their processing activities and identify those that present a higher risk

  • Assign legal basis for each processing operation

  • Develop transparent and specific privacy notices

  • Implement third parties’ due diligence and data processing agreements

  • Confirm whether the designation of a data protection officer (DPO) or a representative in the EU is required

  • Implement appropriate safeguards when personal data is transferred outside Europe

  • Ensure a security program is in place to protect integrity, confidentiality, and availability of information, considering privacy by design, encryption, pseudonimization, and anonymization techniques

  • Develop a data retention policy and appropriate processes to address data subjects’ rights, to notify data breaches when appropriate, to conduct data protection impact assessments

  • Provide privacy training to improve privacy awareness

  • Focus on monitoring compliance with privacy regulations on a regular basis


In addition, specific provisions may apply locally or depending on the type of activity or the sensitivity of the personal data processed (e.g., when processing health, biometric, or genetic information; in the employment context; when conducting research activities or clinical trials; or in the online context with the ePrivacy directive). 

For more information, read the GDPR and Data Privacy special report.

Download the PDF

About the Experts

Back to top