The term “Privacy by Design” means “Data Protection through Technology Design.” Data protection in data processing procedures is best adhered to when it is already integrated into the technology at the time it is created.
New privacy legislation can affect, for example, anyone selling into Brazil, where Privacy by Design is already a requirement. This means that as privacy change accelerates, it is something essential that you need to consider as part of any new implementation holding Personally Identifiable Information. Let’s face it, that applies to every single organisation in the UK.
“Privacy by Design” is included within the General Data Protection Regulation, which requires responsible parties to include Technical Organisational Methods (TOMs) at the time that the means for processing are defined, in order to fulfil the basics and requirements of “Privacy by Design”. The legislation doesn’t specify the exact protective measures that are to be taken. Pseudonymisation (as per recital 78 of the GDPR), encryption and anonymisation of data are considered possible protective measures. User authentication and upholding the right to object must be planned. The type, scope, circumstances and purpose of the processing must be considered. Only when several of these measures are used together can we hope to meet the requirement.
It’s clear that having technology shielding your organisation from inadvertent data leakage is preferable to relying solely on your imperfect staff not to make a mistake. However, if this is obvious, why reserve good design for new systems? There is clearly a drive towards technology supporting your Privacy Program, and ignoring your legacy systems seems strange.
IT Ambulance has skills in Information Security Programs (ISO27001) and Privacy Professionals (certified by IAPP). We are here to bridge the gap in your organisational skills between where you are today and a Privacy by Design or redesign model.
Book a consultation with our privacy by design consulting experts today.