‘Privacy by design’, or as it’s now known, ‘data protection by design and default’, refers to Article 25 of the UK GDPR. This principle makes it a legal obligation for controllers to implement organisational controls which ensure data protection issues are addressed at the design stage of any project. But what does the regulation mean when it refers to organisational controls?

Credential leakage on the dark web is constantly growing, which reveals a painful reality: a significant proportion of organizations still don’t protect employee data properly. A report published by Arctic Wolf highlights that the number of corporate passwords that have been leaked to the dark web has shot up by 429% since last March. Thus, on average and for each organization, up to 17 credentials (including username and password) are available on the dark web.

A 2019 report by Ofcom shows that 50% of ten-year olds own mobile phones. While viewing of video-on-demand (with YouTube as firm favourite), has doubled in the last five years among children. Platforms like TikTok are rapidly growing in popularity. Sadly, more and more children are being exposed to hateful, violent and disturbing contents on these platforms.

Healthcare providers collect, process and share citizens’ most highly sensitive personal data – from names, dates of birth and contact details, to medical and financial information. The loss of this data by healthcare organisations can cause significant emotional distress to patients if private medical conditions are disclosed, and also make them more vulnerable to identity theft, fraud and further cyberattacks.

The need for “Zero Trust” today is no longer the same as what we talked about years ago when the term was first coined. Back then, businesses only had a handful of remote workers signing in to the corporate network. The common wisdom of the day dictated that you couldn’t implicitly trust the authentication of those remote users any longer because they weren’t on the company LAN and the common solution was installing two-factor authentication.

It’s no surprise that cloud adoption continues to be a major force impacting organizations today. A 2020 McKinsey survey indicated that many organizations saw several years worth of digital transformation take place in 2020. An IDG survey, which we referenced in our Securing Best of Breed SaaS Applications webinar, suggested that 95% of organizations expect to be partly or fully in the cloud by the end of 2021, with almost half the applications used by their workforce being SaaS or open source.

The following is an excerpt from Netskope’s recent white paper How to Design a Cloud Data Protection Strategy written by James Christiansen and David Fairman.

TModern data protection has five key drivers, all of which an organization must seek to understand. These drivers equally apply to cloud and non-cloud related data and should form the basis of any robust data protection strategy.

The Data Protection Act 2018 is the legislation enforced by the Information Commissioner’s Office (ICO), UK, to protect personal data processing and data stored on the computer, digital media, or paper filing systems.