Privacy-by-design for Startups - why, what and how
0 likes45 views
The presentation by Tanya Yankelevich outlines the importance of data privacy implementation for startups, emphasizing compliance with regulations like GDPR and CCPA to avoid legal, financial, and reputational risks. Common misconceptions about data privacy in startups are addressed, and the necessity of a privacy-by-design approach integrated into products and processes is highlighted as critical for sustainability and competitive advantage. The document also offers insights into personal data ownership models and outlines a structured privacy compliance program, stressing the need for continual evolution and adaptation in privacy practices.
Privacy-by-design for Startups - why, what and how
- 1. Data Privacy Implementation for Startups Privacy-By-Design Nov 2020 Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved 1 Tanya Yankelevich +972-54-2468156 Tanya@privacyroad.co
- 2. Why to implement Privacy? ❖ Global focus: GDPR, CCPA, LGPD, HIPAA, Israel Privacy law and more ❖ Non-compliance - risk to business: ↓ Legal - risk of suit ↓ Financial Consequences - fines ↓ Loss of business opportunities ↓ Critical factor for investment ↓ Late ad-hoc rework – multiplied cost ↓ Loss of Market Reputation 11/20/2020 Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved 2
- 3. Common Mistakes in Startups approach It is relevant only for large companies it is all or nothing - if not everything, no point to do at all We’ll worry about it later when we go to market Information Security = Privacy Protection We can copy what was done by another company All regulations the same – one is done, all covered Covering only part of the data used, e.g. ignoring HR data Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved 3 Result Start-up hits the wall at market entry, closing deals, investments Ad-hoc late reworks that disrupt the product, cause waste of budget and time
- 4. What is Personal Data Any data related to an identified or identifiable person Examples: 11/20/2020 Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved 4 Name, ID, address, phone numbers, drivers license Gender, date of birth, family status Financial info, tax records Private life data: photos, videos, geo-tracking, shopping history Technical identifications: IP address, device type, cookies Special Categories: health, religion, biometric, genetic, children’s data 🧑🤝🧑 🧑🤝🧑 🧑🤝🧑 🧑🤝🧑 🧑🤝🧑 🧑🤝🧑
- 5. Data Ownership models 5Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved B2C • Ownership of Data (Controller) • Full responsibility • Direct relationship with Data Subjects B2B2C • Processing for Controller (Processor responsibility) • Data use also for own purposes (Processor and Controller) • Software vendor, no processing – Solutions should be based on Privacy by Design B2B • Limited use of personal data – users, customers, partners, vendors, employees InternalData
- 6. Privacy program Privacy By Design and By Default 11/20/2020 Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved 6 • Product Strategy & Roadmap • Architecture, Design • QA & Validation • Product Marketing Product • Privacy Policy • Risk Assessments - DPIA, PIA • Auditing, Reporting, documentation • Legal: Supplier engagement, customer contracts, etc. • HR & Finance Operations • Security Policy • IT policies • IT Vendors, Cloud providers, etc. IT & Security It’s a journey - not a one-time event
- 7. Privacy by Design and by Default Key for Privacy support GDPR Art. 25 Data protection by design and by default “the controller shall … implement appropriate technical and organisational measures … in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects” Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved 7 Privacy by Design Privacy support is imbedded in the Product functionality and organizational processes Privacy by Default Privacy is the default set-up - No special action required from user to achieve privacy
- 8. Privacy Compliance program Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved 8 Discovery: Data mapping, Regulations, Risks Baseline Program Plan & Execution Awareness, Training; Compliance Documentation Privacy Governance, Sustaining Compliance Continual Evolution, DPIAs, Reviews & Audits Efficient program is critical for Start-ups - No time or budget for trial-and-error
- 9. Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved 9 PrivacyRoad Services Benefits of Compliance: √ Competitive business advantage √ Removing obstacle for business and investments √ Minimization of potential Data breach damages and costs √ Better utilization of data Discovery: Map & Analyze Design & Planning Privacy Program support Compliance Documentation Awareness & Training Follow-up consulting & support Guiding Start-ups and Software companies on Privacy Compliance and Privacy-by- Design implementation in practical and efficient way
- 10. About me… ❖ 30 years of experience in leadership roles of Software Product Development and Delivery – from start-ups to large enterprises ❖ Data Privacy knowledge & certifications Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved 10 Tanya@privacyroad.co +972-54-2468156 Linkedin: Tanya Yankelevich Leveraging the combined experience to guide Start-ups in Privacy-by-design implementation though products and processes For more information – please contact: Tanya Yankelevich Founder, PrivacyRoad
- 11. 11/20/2020 Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved Some Quotes about Privacy….. Privacy is the new competitive battleground “…. By not only meeting the demands of these new regulations but exceeding them, companies have an opportunity to differentiate themselves from competitors to grow their bottom line, thanks to new technologies that put data privacy in the hands of consumers.” Alex Andrade-Walz, Techcrunch, December 16, 2020 ”Without privacy, there was no point in being an individual.” – Jonathan Franzen “Data is Old; Humans Are the New Oil”, Joseph Carson, Chief Security Scientist at Thycotic 11