The presentation explains the concepts of Data Protection and Privacy-by-Design implementation, why they are especially important for start-up companies, and the main aspects and components of a privacy program.
2. Why implement Privacy?
❖ Global focus:
GDPR, CCPA, LGPD, HIPAA, Israel Privacy law and more
❖ Non-compliance - risk to business:
↓ Legal - risk of suit
↓ Financial Consequences - fines
↓ Loss of business opportunities
↓ Critical factor for investment
↓ Late ad-hoc rework – multiplied cost
↓ Loss of Market Reputation
11/20/2020 Presentation created by Tanya Yankelevich, PrivacyRoad. All Rights Reserved 2
3. Common Mistakes in the Start-up Approach
It is relevant only for large companies
It is all or nothing - if not everything, no point in doing it at all
We’ll worry about it later when we go to market
Information Security = Privacy Protection
We can copy what was done by another company
All regulations are the same – one is done, all covered
Covering only part of the data used, e.g. ignoring HR data
Result
Start-up hits the wall at market entry, closing deals, investments
Ad-hoc late reworks that disrupt the product, cause waste of budget and time
4. What is Personal Data
Any data related to an identified or identifiable person
Examples:
Name, ID, address, phone numbers, drivers license
Gender, date of birth, family status
Financial info, tax records
Private life data: photos, videos, geo-tracking, shopping history
Technical identifications: IP address, device type, cookies
Special Categories: health, religion, biometric, genetic, children’s data
5. Data Ownership models
B2C
• Ownership of Data (Controller)
• Full responsibility
• Direct relationship with Data Subjects
B2B2C
• Processing for Controller (Processor responsibility)
• Data use also for own purposes (Processor and Controller)
• Software vendor, no processing – Solutions should be based on Privacy by Design
B2B
• Limited use of personal data – users, customers, partners, vendors, employees
Internal Data
6. Privacy program
Privacy By Design and By Default
Product
• Product Strategy & Roadmap
• Architecture, Design
• QA & Validation
• Product Marketing
Operations
• Privacy Policy
• Risk Assessments - DPIA, PIA
• Auditing, Reporting, documentation
• Legal: Supplier engagement, customer contracts, etc.
• HR & Finance
IT & Security
• Security Policy
• IT policies
• IT Vendors, Cloud providers, etc.
It’s a journey - not a one-time event
7. Privacy by Design and by Default
Key for Privacy support
GDPR Art. 25
Data protection by design and by default
“the controller shall … implement appropriate technical and
organisational measures … in an effective manner and to integrate the
necessary safeguards into the processing in order to meet the
requirements of this Regulation and protect the rights of data subjects”
Privacy by Design
Privacy support is embedded in the Product functionality and organizational processes
Privacy by Default
Privacy is the default set-up - No special action required from the user to achieve privacy
8. Privacy Compliance program
Discovery: Data mapping, Regulations, Risks
Baseline Program Plan & Execution
Awareness, Training; Compliance Documentation
Privacy Governance, Sustaining Compliance
Continual Evolution, DPIAs, Reviews & Audits
Efficient program is critical for Start-ups - No time or budget for trial-and-error
9. PrivacyRoad Services
Benefits of Compliance:
√ Competitive business advantage
√ Removing obstacle for business and investments
√ Minimization of potential Data breach damages and costs
√ Better utilization of data
Discovery: Map & Analyze
Design & Planning
Privacy Program support
Compliance Documentation
Awareness & Training
Follow-up consulting & support
Guiding Start-ups and Software companies on Privacy Compliance and Privacy-by-Design implementation in a practical and efficient way
10. About me…
❖ 30 years of experience in leadership roles of Software Product Development and Delivery – from start-ups to large enterprises
❖ Data Privacy knowledge & certifications
Tanya@privacyroad.co
+972-54-2468156
Linkedin: Tanya Yankelevich
Leveraging the combined experience to guide Start-ups in Privacy-by-design implementation through products and processes
For more information – please contact:
Tanya Yankelevich
Founder, PrivacyRoad
11. Some Quotes about Privacy…
Privacy is the new competitive battleground
“…. By not only meeting the demands of these new regulations but
exceeding them, companies have an opportunity to differentiate
themselves from competitors to grow their bottom line, thanks to new
technologies that put data privacy in the hands of consumers.”
Alex Andrade-Walz, Techcrunch, December 16, 2020
“Without privacy, there was no point in being an individual.” – Jonathan Franzen
“Data is Old; Humans Are the New Oil”, Joseph Carson, Chief Security
Scientist at Thycotic