top of page

Privacy and Data Protection by design

Many times when speaking to organisations and businesses we hear the view that thinking about Privacy and Data Protection is something that can be done later almost as a bolt-on.

In our experience thinking about Privacy and Data Protection early is key to getting it right and setting out the approach, dependencies and landscape your business or services are operating in.

It is in fact a requirement to be able to demonstrate you have done this. We suggest that organisations and businesses do a test to see whether new products and services need a full Data Protection Impact Assessment. This helps form the thinking of the characteristics of the product and service.


We will perform a short structured review of existing products and services to assess whether they trigger a full DPIA. We will then look at which services need a full DPIA and the artefacts required to show privacy and data protection have been factored into the service design.

bottom of page