Danish Banke: 1.3 million EUR proposed fine over records of deletion of personal data

The Danish Data Supervisory Authority (SA) has reported Danske Bank to the Danish police and proposed a fine of DKK 10 million (app.1.3 million EUR). This concludes a case that the SA opened in November 2020 after the bank itself had stated that they had identified a problem with the deletion of personal data in which there was not necessarily a commercial justification for continuing to process.


Read the Notification https://edpb.europa.eu/news/national-news/2022/danish-sa-fine-proposed-danske-bank_en

European Data Protection Board – July 12 plenary session

The European Data Protection Board published the agenda for its July 12 plenary session. The agenda includes discussion around a joint opinion from the EDPB and European Data Protection Supervisor on the proposal for regulation on the European Health Data Space. The EDPB will also review the conference organized by the EDPS in late June focused on EU General Data Protection Regulation enforcement

Click to access 20220712plen1.2_agenda_public.pdf

Marriott International Breach

Marriott International announced it was breached by an unauthorized user, TechCrunch reports. The incident reportedly happened in June after a hacking group claimed it utilized social engineering to fool an employee in a Maryland hotel to letting an individual access their computer. Marriott International suffered a data breach in 2018 and was fined by the U.K. Information Commissioner’s Office.
Full Story https://techcrunch.com/2022/07/06/marriott-breach-again

UK Intends to Reform Data Protection

On 10 May 2022, the UK government announced its intention to introduce a Data Reform Bill (the “Bill”). The announcement was made as part of the Queen’s Speech and did not come as a great surprise given changes to data protection in the UK had been rumoured for some time post-Brexit. The UK government summarises the purposes of the Bill, what it perceives to be its benefits and, amongst other things, the main elements of the proposed legislation, in its background notes for the Queen’s Speech.

By way of the Bill, the UK government intends to “create a world class data rights regime that will allow…[it] to create a new pro-growth and trusted UK data protection framework that reduces burdens on businesses, boosts the economy, helps scientists to innovate and improves the lives of people in the UK”, whilst also modernising the ICO and ensuring it has the powers it requires to enforce data protection, increasing participation in Smart Data Schemes and improving access to health and social data to help those in need of medical care.

In doing so, it believes it will increase the competitiveness and efficiencies for businesses with the reforms anticipated to generate more than £1 billion in business savings over 10 years (according to an analysis by the Department for Digital, Culture, Media and Sport). Amongst other benefits, the Bill will allow data to be used in a way that can empower citizens and improve their lives with regards healthcare, security and government services.

Echoing an opinion which is likely fairly widespread by experts and practitioners, the UK government also expressed its opinion on the GDPR and Data Protection Act 2018 stating that they are “highly complex and prescriptive pieces of legislation…that encourage excessive paperwork, and create burdens for businesses with little benefit to citizens.” In this respect, the UK government notes several times that it wants to remove “tick box exercises”.

Whilst the views of UK government and the goals of the Bill may resonate with, and be supported by, many working within data protection, this all suggests that fairly radical changes will be made to the current regime in the UK. Of particular note is that the Bill comes shortly after the UK being granted its adequacy decision from the European Commission, something the UK government has been keen to retain. Will the Bill may jeopardise this decision and have an adverse effect on organisations, specifically those operating in both the UK and EU? Only time will tell. A more flexible and efficient regime may in fact entice organisations to bring more business to the UK which, as the background notes suggest, is a key driver for the UK government to make these changes. We now await the UK government releasing a draft of the new Bill and, importantly, the reaction of the EU Commission and EU regulators.

EU Data Act raises data protection concerns, say regulators

Data protection regulators have called on EU law makers to place tighter controls on how personal data generated by the use of products and services can be used.

The European Commission set out plans to help consumers and businesses access data generated by the products or related services they own, rent or lease in a new EU Data Act proposed earlier this year. However, the European Data Protection Board (EDPB), together with the European data protection supervisor (EDPS), which oversees EU institutions’ compliance with data protection laws, has said the draft legislation raises data protection concerns.

In a joint opinion, the EDPB and EDPS called for the draft Data Act to be amended. They said the proposals should include “clear limitations or restrictions on the use of personal data generated by the use of a product or service by any entity other than data subjects, in particular where the data at issue are likely to allow precise conclusions to be drawn concerning their private lives or would otherwise entail high risks for the rights and freedoms of the individuals concerned”.

The EDPB and EDPS cited specific examples of data processing activities the draft Data Act should prohibit.

“In particular, the EDPS and EDPB recommend to introduce clear limitations regarding use of personal data generated by the use of a product or related services for purposes of direct marketing or advertising, employee monitoring, credit scoring or to determine eligibility to health insurance, to calculate or modify insurance premiums,” they said. “This recommendation is without prejudice to any further limitations that may be appropriate, for example to protect vulnerable persons, in particular minors, or due to the particularly sensitive nature of certain categories of data (e.g. data concerning the use of a medical device or biometric data) and the protections offered by Union legislation on data protection.”

Frankfurt-based data protection law expert Ruth Maria Bousonville of Pinsent Masons said that the insistence by the EDPB and EDPS that data protection law prevails in case of conflict with the Data Act was “obvious” and that the draft the Commission has prepared already confirms this. She said the text “would not benefit from additional detail in this respect.”

However, Bousonville said general comments the EDPB and EDPS made in their joint opinion are worth noting.

“Against common perception, they are highlighting that data protection law ‘already allows for’ the unleashing of ‘the potential of information to be extracted from data in order to gain valuable knowledge for important common values and for health, science, research and climate action’,” Bousonville said.

“Practice shows that each of such use cases turns on its own facts, which is why the Data Act cannot add legal certainty in this respect. At the same time, data protection law will prevent plain commodification of personal data even if the Data Act would allow it. So, in essence, businesses will need to be prepared for additional regulation without any clear advantage,” she said.

The Commission’s plans for a new Data Act would have major implications for manufacturers of connected devices and other data holders as they would be required to make data generated by their products and services “available to third parties upon the request of the user” and do so “under fair, reasonable and non-discriminatory terms and in a transparent manner”.

The Commission’s draft includes proposed safeguards for SMEs, including the potential unfairness that can arise in data sharing contractual provisions as a consequence of the imbalance in bargaining power between micro, small or medium-sized enterprises and larger businesses: larger businesses would be prohibited from taking advantage of their stronger negotiating power under the draft Act. In this context, the draft introduces an unfairness test. It defines in what cases data sharing-related contractual terms are unfair and is complemented by a list of clauses “that are either always unfair or presumed to be unfair”.

Data Privacy – Proactive not Reactive; Preventative not Remedial

With the shift from industrial manufacturing to knowledge creation and service delivery, the value of information and the need to manage it responsibly have grown dramatically. At the same time, rapid innovation, global competition and increasing system complexity present profound challenges for informational privacy.

While we would like to enjoy the benefits of innovation − new conveniences and efficiencies − we must also preserve our freedom of choice and personal control over our data flows. Always a social norm, privacy has nonetheless evolved over the years, beyond being viewed solely as a legal compliance requirement, to also being recognized as a market imperative and critical enabler of trust and freedoms in our present-day information society.

There is a growing understanding that innovation, creativity and competitiveness must be approached from a “design-thinking” perspective − namely, a way of viewing the world and overcoming constraints that is at once holistic, interdisciplinary, integrative, innovative, and inspiring.

Privacy, too, must be approached from the same design-thinking perspective. Privacy must be incorporated into networked data systems and technologies, by default. Privacy must become integral to organizational priorities, project objectives, design processes, and planning operations. Privacy must be embedded into every standard, protocol and process that touches our lives. This document seeks to make this possible by striving to establish a universal framework for the strongest protection of privacy available in the modern era.

The 7 Foundational Principles of Privacy by Design are presented below in Bold, followed by the FIPs principles that map onto each one.

Proactive not Reactive; Preventative not Remedial

The Privacy by Design approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy invasive events before they happen. PbD does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred − it aims to prevent them from occurring. In short, Privacy by Design comes before-the-fact, not after.

Whether applied to information technologies, organizational practices, physical design, or networked information ecosystems, PbD begins with an explicit recognition of the value and benefits of proactively adopting strong privacy practices, early and consistently (for example, preventing (internal) data breaches from happening in the first place). This implies:

  • A clear commitment, at the highest levels, to set and enforce high standards of privacy − generally higher than the standards set out by global laws and
  • A privacy commitment that is demonstrably shared throughout by user communities and stakeholders, in a culture of continuous
  • Established methods to recognize poor privacy designs, anticipate poor privacy practices and outcomes, and correct any negative impacts, well before they occur in proactive, systematic, and innovative

Privacy as the Default

We can all be certain of one thing the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy it is built into the system, by default.

 This PbD principle, which could be viewed as Privacy by Default, is particularly informed by the following FIPs:

  • Purpose Specification – the purposes for which personal information is collected, used, retained, and disclosed shall be communicated to the individual (data subject) at or before the time the information is collected. Specified purposes should be clear, limited and relevant to the
  • Collection Limitation – the collection of personal information must be fair, lawful and limited to that which is necessary for the specified
  • Data Minimization − the collection of personally identifiable information should be kept to a strict minimum. The design of programs, information and communications technologies, and systems should begin with non-identifiable interactions and transactions, as the default. Wherever possible, identifiability, observability, and linkability of personal information should be
  • Use, Retention, and Disclosure Limitation – the use, retention, and disclosure of personal information shall be limited to the relevant purposes identified to the individual, for which he or she has consented, except where otherwise required by Personal information shall be retained only as long as necessary to fulfill the stated purposes, and then securely destroyed.

Where the need or use of personal information is not clear, there shall be a presumption of privacy and the precautionary principle shall apply: the default settings shall be the most privacy protective.

Privacy Embedded into Design

Privacy by Design is embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system, without diminishing functionality.

Privacy must be embedded into technologies, operations, and information architectures in a holistic, integrative and creative way. Holistic, because additional, broader contexts must always be considered. Integrative, because all stakeholders and interests should be consulted. Creative, because embedding privacy sometimes means re-inventing existing choices because the alternatives are unacceptable.

  • A systemic, principled approach to embedding privacy should be adopted − one that relies upon accepted standards and frameworks, which are amenable to external reviews and audits. All fair information practices should be applied with equal rigour, at every step in the design and
  • Wherever possible, detailed privacy impact and risk assessments should be carried out and published, clearly documenting the privacy risks and all measures taken to mitigate those risks, including consideration of alternatives and the selection of
  • The privacy impacts of the resulting technology, operation or information architecture, and their uses, should be demonstrably minimized, and not easily degraded through use, misconfiguration or

Full Functionality – Positive-Sum, not Zero-Sum

Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win- win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by Design avoids the pretence of false dichotomies, such as privacy vs. security, demonstrating that it is possible, and far more desirable, to have both.

Privacy by Design does not simply involve the making of declarations and commitments − it relates to satisfying all legitimate objectives − not only the privacy goals. Privacy by Design is doubly-enabling in nature, permitting full functionality − real, practical results and beneficial outcomes to be achieved for multiple parties.

  • When embedding privacy into a given technology, process, or system, it should be done in such a way that full functionality is not impaired, and to the greatest extent possible, that all requirements are optimized.
  • Privacy is often positioned in a zero-sum manner as having to compete with other legitimate interests, design objectives, and technical capabilities, in a given domain. Privacy by Design rejects taking such an approach – it embraces legitimate non-privacy objectives and accommodates them, in an innovative positive-sum manner.
  • All interests and objectives must be clearly documented, desired functions articulated, metrics agreed upon and applied, and trade-offs rejected as often being unnecessary, in favour of finding a solution that enables multi-functionality.

Additional recognition is garnered for creativity and innovation in achieving all objectives and functionalities in an integrative, positive-sum manner. Entities that succeed in overcoming outmoded zero-sum choices are demonstrating first-class global privacy leadership, having achieved the Gold Standard.

End-to-End Security – Lifecycle Protection

Privacy by Design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved — strong security measures are essential to privacy, from start to finish. This ensures that all data are securely retained, and then securely destroyed at the end of the process, in a timely fashion. Thus, Privacy by Design ensures cradle to grave, secure lifecycle management of information, end-to-end.

Privacy must be continuously protected across the entire domain and throughout the life-cycle of the data in question. There should be no gaps in either protection or accountability. The “Security” principle has special relevance here because, at its essence, without strong security, there can be no privacy.

  • Security − Entities must assume responsibility for the security of personal information (generally commensurate with the degree of sensitivity) throughout its entire lifecycle, consistent with standards that have been developed by recognized standards development
  • Applied security standards must assure the confidentiality, integrity and availability of personal data throughout its lifecycle including, inter alia, methods of secure destruction, appropriate encryption, and strong access control and logging

Visibility and Transparency

Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visible and transparent, to both users and providers alike. Remember, trust but verify!

 Visibility and transparency are essential to establishing accountability and trust. This PbD principle tracks well to Fair Information Practices in their entirety, but for auditing purposes, special emphasis may be placed upon the following FIPs:

  • Accountabilty – The collection of personal information entails a duty of care for its protection. Responsibility for all privacy-related policies and procedures shall be documented and communicated as appropriate, and assigned to a specified individual. When transferring personal information to third parties, equivalent privacy protection through contractual or other means shall be
  • Openness – Openness and transparency are key to accountability. Information about the policies and practices relating to the management of personal information shall be made readily available to individuals.
  • Compliance – Complaint and redress mechanisms should be established, and information communicated about them to individuals, including how to access the next level of appeal. Necessary steps to monitor, evaluate, and verify compliance with privacy policies and procedures should be taken.

Respect for User Privacy

Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric!

The best Privacy by Design results are usually those that are consciously designed around the interests and needs of individual users, who have the greatest vested interest in the management of their own personal data.

Empowering data subjects to play an active role in the management of their own data may be the single most effective check against abuses and misuses of privacy and personal data. Respect for User Privacy is supported by the following FIPs:

  • Consent – The individual’s free and specific consent is required for the collection, use or disclosure of personal information, except where otherwise permitted by The greater the sensitivity of the data, the clearer and more specific the quality of the consent required. Consent may be withdrawn at a later date.
  • Accuracy – personal information shall be as accurate, complete, and up-to-date as is necessary to fulfill the specified
  • Access – Individuals shall be provided access to their personal information and informed of its uses and disclosures. Individuals shall be able to challenge the accuracy and completeness of the information and have it amended as
  • Compliance – Organizations must establish complaint and redress mechanisms, and communicate information about them to the public, including how to access the next level of

Respect for User Privacy goes beyond these FIPs, and extends to the need for human-machine interfaces to be human-centered, user-centric and user-friendly so that informed privacy decisions may be reliably exercised. Similarly, business operations and physical architectures should also demonstrate the same degree of consideration for the individual, who should feature prominently at the centre of operations involving collections of personal data.



Mentoring : Why you definitely need a Mentor

When I started my career, I was very fortunate to have a mentor, I didn’t go out and find one, but was taken under the wing by a very astute leader. I was very fortunate to be on the receiving end of a great mentor and as Tom’s career took off, he always made time to be there and support. The long-term impact of his mentoring really was life and career changing.

In my own situation, the mentor was a Assistant to the Regional Director & I credit for guiding me in my development as a leader, a strategist and a more complete business professional.

He did not instruct me, or provide on-the-spot coaching or training. Instead, he challenged me; he encouraged me to think through issues and approaches with his painfully difficult to answer questions, and he served as a source of wisdom when I needed it the most. While our relationship as mentor and mentee (sometimes identified as: mentoree) ended after I changed companies, his impact carries through in my work today.

Mentoring and Coaching: Similar but Not the Same

The terms mentoring and coaching are often used interchangeably, and that is misleading. While similar in their support of someone’s development, they are very different disciplines in practice.

Mentoring is a long term relationship where the focus is on supporting the growth and development of the mentee. The mentor is a source of wisdom, teaching and support, but not someone who observes and advises on specific actions or behavioral changes in daily work.

Coaching is typically a relationship of finite duration where the focus is on strengthening or eliminating specific behaviors in the here and now. Coaches are engaged to help professionals correct behaviors that detract from their performance or, to strengthen those that support stronger performance around a set of activities.

Both mentoring and coaching are incredibly valuable in providing developmental support, however, one offers high-level guidance for long-term development and the other helps you improve immediately.

History and Definition:

The original Mentor is a character in Homer’s epic poem: The Odyssey. When Odysseus, King of Ithaca went to fight in the Trojan War, he entrusted the care of his kingdom to Mentor. Mentor served as the teacher and overseer of Odysseus’ son, Telemachus.

The Merriam-Webster Online Dictionary defines a mentor as “a trusted counselor or guide.” Others expand on that definition by suggesting that a mentor is “someone who is helping you with your career, specific work projects or general life advice out of the goodness of his or her heart.

Why Seek Out a Mentor?

As described earlier, I attribute part of my professional growth to the guidance of a patient mentor. He challenged me to think differently and to open my eyes and mind to different perspectives. While each of us develop at our own pace, it is reasonable to believe that this type of influence is positive for all of us.

A mentor is a personal advocate for you, not so much in the public setting, but rather in your life.

Many organizations recognize the power of effective mentoring and have established programs to help younger professionals identify and gain support from more experienced professional in this format.

What a Mentor Does for You:

A mentor takes a long-range view on your growth and development.
A mentor helps you see the destination but does not give you the detailed map to get there.
A mentor offers encouragement and cheer leading, but not “how to” advice.

What a Mentor Does Not Do for You:

A mentor is not a coach as explained above.
A mentor is typically not an advocate of yours in the organizational environment: the relationship is private.
A mentor is not going to tell you how to do things.
A mentor is not there to support you on trans actional, short-term problems.
A mentor is not a counselor.

Understanding the role of the mentor is a critical starting point for success in this relationship.

Additional requirements include:

Investing your time in seeking out the mentor.
Sharing your goals and fears openly.
Not expecting the mentor to solve your short-term problems or do the work for you.
Not expecting specific advice.
Sharing where you are struggling or failing.
Listening carefully and then researching and applying the mentor’s guidance.
Showing that you value the mentor’s support.
Not abusing the relationship by expecting political support in the organization.
The Bottom Line:

A mentor can be a difference maker in your career and life. It is important to come to the relationship with open eyes on the role and to have proper expectations. And remember, the impact of a mentor’s guidance and wisdom now may not be felt for years to come. However, it will be felt.

Achieve and maintain GDPR compliance without the hassle

By leveraging my GDPR services you can free up your internal resources, take the pain out of staying compliant with GDPR policies and avoid data breaches.

Whether you’re just starting out on your GDPR compliance journey, or you’d like to review your existing policies and procedures, I have a range of solutions to suit your needs.

GDPR gap analysis

Our GDPR gap analysis service explores your business policies, processes, resources, governance and technology to identify areas of non-compliance. You will receive a comprehensive report showing your current level of compliance against the requirements of the GDPR.

This service is perfect for organisations that are just getting started in their compliance journey.

GDPR implementation

A GDPR implementation project typically follows on from a GDPR assessment (gap analysis). The purpose of an implementation project is to develop the necessary policies, procedures, processes, and documentation to achieve and maintain GDPR compliance.

We take a fully customised approach to GDPR implementations to address your specific business needs. An implementation project will also train your staff to ensure data protection becomes second nature throughout your business.

GDPR audit

Once you have implemented a GDPR framework and achieved a satisfactory level of compliance, it’s important you regularly assess your position to make sure it is being maintained. That’s where my GDPR audit service can help.

I will help you reassess your compliance framework once or twice a year and check that staff are following policies and procedures.

GDPR consultancy

If you’d like the reassurance of having a GDPR expert on hand in case you ever need support or guidance, we can help. My GDPR consultancy service provides ongoing, monthly access that can give you advice on any compliance matter.

We can also provide ad-hoc support for one-off projects such as

  • Data Protection Impact Assessments (DPIAs)
  • Subject Access Requests (SARs)
  • Updating documentation
  • Answering questions related to GDPR compliance

Other solutions

Compliance is a continuous journey, not a destination. It’s important to keep your strategy up to date and ensure that your data privacy and security policies are reviewed regularly.

We can help you maintain your compliance and achieve cyber security best practice with our range of additional services:

  • Outsourced Data Protection Officer (DPO) – If you need help managing data protection in your organisation, our outsourced DPO service has you covered.
  • GDPR staff training – Keep your staff educated, informed and aware of their data protection responsibilities with a variety of GDPR training services.
  • Security awareness training – In addition to GDPR training, we can help train your staff to recognise and protect themselves from phishing attacks and other cyber security threats.

Authenticity: A Key Aspect in Building Relations and Trust

Authenticity has been explored throughout history, from Greek philosophers to the work of Shakespeare (“To thy own self be true.” –Polonius, Hamlet), and Human beings seem to have a  remarkable capacity for creativity when it comes to making excuses for why things didn’t, or aren’t, turning out quite right.

From genetic predispositions and chemical imbalances to structural inequities and bad luck, a wide swath of humanity is convinced they are not to blame when their state of mind or life is undesirable.

Postmodernism is a term assigned to an intellectual movement that has increasingly dominated academic, cultural, and political circles since essentially posits that nothing really exists except that which is constructed through language, or that which is decreed by postmodern potentates to be true.

Principles of postmodernism promote a convenient credo of moral relativism, thus affording human beings with pretended power to redefine moral principles to suit their own capricious conceptions of right and wrong. However, well intentioned its acolytes may be, elevate human beings with the power to determine what is and what isn’t real on the contradictory premise that nothing really is at all, except that which is constructed by language and the pompous proclamations is largely fraught with selfishness, hedonism, confusion, nihilism, and hopelessness.

If you lead and build relationship this way, you will easily be found out by your employees.

The aim of Self-Action Leadership is not to create critics, but to develop doers. It seeks to teach and train those whose desires lie not outside the stadium in the cirque du critique, but inside the arena on the platforms of performance. In the words of President Teddy Roosevelt:

“It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat.”

Leaders and followers both associate authenticity with sincerity, honesty, and integrity. It’s the real thing–the attribute that uniquely defines great managers! Authentic leadership is an approach to leadership that emphasizes building the leader’s legitimacy through honest relationships with followers which value their input and are built on an ethical foundation.

Developing on this quality organisations are able to approach their work in ways that express their individuality and they feel more personally invested and accountable as a result.  They experiment to see what works best, building flexible and innovative organizations.  And they examine why they do what they do and challenge assumptions.  This allows people to really get behind the boundaries that are reasonable and necessary, and creatively challenge those that have been formed by habit or tradition.  Authentic organizations generate trust and loyalty amongst stakeholders and clients.  And authentic organizations inspire productivity and resilience as workers increasingly stand behind, protect and take pride in where they work, devlopming new ways to deliver results

Authenticity is an anagram of employee engagement – It’s not really, but if you want to know what really gets people to to get involved? it’s the opportunity to do their work in their own way, to learn and grow within an organisation they believe in!

Erik Erikson’s Eight Stages of Psychosocial Development

Erik Erikson proposed a psychoanalytic theory of psychosocial development comprising eight stages from infancy to adulthood. During each stage, the person experiences a psychosocial crisis which could have a positive or negative outcome for personality development.

Like Freud and Piaget, Erik Erikson was a constructivist who believed that children developed in stages, with the skills acquired at each level acting as building blocks for the next level.

Since he trained under Sigmund Freud’s daughter, Anna, much of Erikson’s theories were based on Freudian principles. However, he believed that his predecessors were too limited in their thinking.

According to Erikson, the ego develops as it successfully resolves crises that are distinctly social in nature. These involve establishing a sense of trust in others, developing a sense of identity in society, and helping the next generation prepare for the future.

Erikson extends on Freudian thoughts by focusing on the adaptive and creative characteristic of the ego, and expanding the notion of the stages of personality development to include the entire lifespan.

Like Freud and many others, Erik Erikson maintained that personality develops in a predetermined order, and builds upon each previous stage. This is called the epigenic principle.

The outcome of this ‘maturation timetable’ is a wide and integrated set of life skills and abilities that function together within the autonomous individual. However, instead of focusing on sexual development (like Freud), he was interested in how children socialize and how this affects their sense of self.

Erikson’s (1959) theory of psychosocial development has eight distinct stages, taking in five stages up to the age of 18 years and three further stages beyond, well into adulthood. Erikson suggests that there is still plenty of room for continued growth and development throughout one’s life. Erikson puts a great deal of emphasis on the adolescent period, feeling it was a crucial stage for developing a person’s identity.

Like Freud, Erikson assumes that a crisis occurs at each stage of development. For Erikson (1963), these crises are of a psychosocial nature because they involve psychological needs of the individual (i.e. psycho) conflicting with the needs of society (i.e. social).

According to the theory, successful completion of each stage results in a healthy personality and the acquisition of basic virtues. Basic virtues are characteristic strengths which the ego can use to resolve subsequent crises. Failure to successfully complete a stage can result in a reduced ability to complete further stages and therefore a more unhealthy personality and sense of self. These stages, however, can be resolved successfully at a later time.

The eight key stages he described were:

Trust vs. Mistrust:This stage occurs between the ages of birth and 2 years and is centered on developing a sense of trust in caregivers and the world. Children who receive responsive care are able to develop the psychological quality of hope.

Autonomy vs. Shame and Doubt:This stage takes place between the ages of 2 and 3 years and involves gaining a sense of independence and personal control. Success in this stage allows people to develop will and determination.

Initiative vs. Guilt:Between the ages of 3 and 6 years, children begin to explore their environment and exert more control over their choices. By successfully completing this stage, children are able to develop a sense of purpose.

Industry vs. Inferiority: The stage that takes place between the ages of about 5 and 11 years is focused on developing a sense of personal pride and accomplishment. Success at this point in development leads to a sense of competence.

Identity vs. Confusion: The teen years are a time of personal exploration. Those who are able to successfully forge a healthy identity develop a sense of fidelity. Those who do not complete this stage well may be left feeling confused about their role and place in life.

Intimacy vs. Isolation: The stage that takes place in early adulthood is all about forging healthy relationships with others. Success leads to the ability to form committed, lasting, and nurturing relationships with others.

Generativity vs. Stagnation: At the stage occurring during middle adulthood, people become concerned with contributing something to society and leaving their mark on the world. Raising a family and having a career are two key activities that contribute to success at this stage.

Integrity vs. Despair: The final stage of psycho-social development takes place in late adulthood and involves reflecting back on life. Those who look back and feel a sense of satisfaction develop a sense of integrity and wisdom, while those who are left with regrets may experience bitterness and despair.


Further Reading

Bee, H. L. (1992). The developing child. London: HarperCollins.
Erikson, E. H. (1950). Childhood and society. New York: Norton.
Erickson, E. (1958). Young man Luther: A study in psychoanalysis and history. New York: Norton.
Erikson, E. H. (Ed.). (1963). Youth: Change and challenge. Basic books.
Erikson, E. H. (1964). Insight and responsibility. New York: Norton.
Erikson, E. H. (1968). Identity: Youth and crisis. New York: Norton.
Erikson, E. H., Paul, I. H., Heider, F., & Gardner, R. W. (1959). Psychological issues (Vol. 1). International
Universities Press.