Security: Prepared for the EU's New Data Protection Regulation?

21.05.2012

Bäumer and Ostermann recommend that organizations review their policies and procedures to ensure they reflect a serious focus on data protection issues.

"An organization's policies and procedures are a key benchmark against which its compliance is judged by regulators," they say. "The thought that has been given to both indicates how seriously data privacy compliance is taken. Information provided in policies, whether staff or customer facing, and the practices which they encourage are also at the heart of achieving compliance with two frequently breached principles of data protection law, namely: data security obligations, which require 'appropriate technical and organizational measures' to be in place to prevent data loss and unauthorized access to data (in other words, companies need to be well organized when it comes to information security); and knowledge/consent obligations, which require an organization to inform its staff, customers and suppliers what data it processes about them, and what it uses that data for (again, internal and externally facing policies provide a key mechanism for supplying that information)."

Bäumer and Ostermann also recommend regular and well-thought-out training programs for staff that handle valuable data. In addition, they recommend organizations make a point of taking compliance seriously by running regular audits and privacy impact assessments before introducing any new significant data processing activities.