Discover the six key principles of GDPR data protection


18 April 2017

Jose Francisco Pereiro Seco

Blogs by author: Jose Francisco Pereiro Seco, Head of Data Security Europe, BT.


From May 2018, GDPR will legally require your organisation to build in data protection ‘by design and by default’. Our six principles explain how.

Preparing to protect citizens’ data.

The General Data Protection Regulation (GDPR) will make compulsory what is already good practice around data protection and privacy. As citizens are ever more aware of how vulnerable their information is, smart organisations are already taking steps to build protections into every aspect of their operations.

The regulation gives citizens of EU countries greater rights over their personal information, and places greater obligations on organisations to protect this data. We cover exactly what’s required under the regulation in more detail in our introduction blog.

The regulation is crystal clear: organisations must incorporate data protection “by design and by default” into every level of their business and throughout every aspect of their processes. This means prioritising and ensuring privacy across the complete lifecycle of any business activity.

Review your GDPR position against the six key principles of compliance.

No matter how far forward your organisation may be along the path to GDPR, it’s worth reviewing your progress against the six key principles of compliance to make sure your security is watertight.

You can read more in our white paper, but here’s an overview of the fundamentals you need to balance, in order to achieve detective, preventative, proactive and reactive security controls.

Make sure your systems and processes proactively seek out potential privacy infringements, and tackle them before they become an incident that matters under the GDPR.

Protection and privacy compliance must be built into your IT systems and processes so that they happen automatically, without relying on anyone to switch them on.

At every level, privacy must be an essential component of your organisation’s functionality.

Everything you put in place for GDPR compliance must be open to, and able to stand up to, independent verification. Privacy must take precedence over business practices and technology choices.

End-to-end security.

You must consider the full lifecycle of the privacy protection you put in place, embedding it into the system from the first step of data processing.

Full functionality.

At every turn, you need to plan data protection comprehensively and in a way that shows no compromise to either business or security.

Following these six principles will make sure your preparation for GDPR is both sufficiently robust for compliance, and ready to put you at an advantage in the digital era.

Download our white paper to discover how the right reassessment of your data protection and security will help you achieve GDPR compliance.