DASTRA
English
English
  • What is Dastra
  • 🇪🇺USEFUL REMINDERS
    • What is GDPR ?
    • GDPR key concepts
      • Personal data
      • Record of processing activities (ROPA)
      • Privacy impact assessment
      • Data retention period
      • Data Subject Rights (DSR)
      • Privacy by design and by default
      • Security measures
      • Data breach notifications
    • Risk management
      • Definition of risks
      • Risk assessment
      • Vendor risk management
  • 🧑‍🎓GETTING STARTED
    • Setting up
      • Create and set up a workspace
      • Create and set up organizational units
      • Appointing a DPO
      • Add a lead authority
      • Invite users
      • Managing roles and permissions
      • Create and assign teams
      • Frequently asked questions
    • Tutorial
      • Step 1: Setting up
      • Step 2: Map your personal data processing and draw up a register
      • Step 3: Managing risks
      • Step 4: Prioritize actions
      • Step 5: Implement internal processes
      • Step 6: Document compliance
    • Support
      • The dastronaut's assistant
      • Online help
      • Request support
      • The customer support process
  • ⚙️Features
    • Dashboard
    • General
      • Advanced Filters
      • Import your data (Excel, Csv)
      • Tag management
      • Custom fields
      • AI Assistant
      • Email templates
    • Data Mapping
    • Record of processing activities
      • "Data controller" record
      • "Data processor" record
      • Establish your record
      • Export / import the record
      • Use a processing activity template
      • Declare a processing activity
      • Complete a data processing activity
        • General information
        • Stakeholders
        • Purposes
        • Dataset
        • Assets
        • Data subjects
        • Data subjects rights (DSR)
        • Recipients
          • Data transfers outside the EU
        • Security measures
        • Impact analysis
        • Documentation
      • Create relationships between processing activities
      • Processing freshness
      • Share the record of processing
      • Data visualization
        • View the treatment tree
        • View the record data map
        • View the transfers map
      • Frequently asked questions
    • Audits and DPIA
      • Create or modify an audit template or DPIA
      • Scheduling an audit or a PIA
      • Share an audit report or PIA
      • FAQ
    • Privacy hubs
      • Create a Privacy hub
      • Configure your Privacy hub
        • Homepage and general configuration
        • Questionnaires
        • Data subject requests
        • Record of processing activities
        • Attachments
        • Organizational chart
        • Contacts
        • Security
        • Appearance and design
      • Preview and share your privacy hub
      • Collecting data processing projects from a Privacy hub.
    • Contracts
      • Declare a Contract
      • Structure of a contract
      • Documents
      • Assets
      • Signers
      • Linked users
      • Sign the contract
      • Docusign integration
      • Contract versions
      • Contract templates
    • Risk management
      • Glossary of terms
      • Risk management process
        • 1. Identification
        • 2. Assess
        • 3. Monitor
        • 4. Control
        • Let's recap
      • Dastra / eBios RM comparison
      • Attach a risk to a processing activity
      • FAQ
    • Planning
      • Create your action plan
      • Create or modify a project or an iteration
      • Monitor, screen or export your tasks
      • Customise the task workflow
      • Share as calendar
      • Customise the task workflow
      • Go further with planning
      • FAQ
    • Data subject right request
      • Manage data subject right requests
      • Set up a data subject right request widget
      • Technical integration
      • API integration
    • Manage data breach notifications
      • Report a data breach
      • Export your data breach notifications
    • Manage cookies consent
      • Widget configuration
        • Preliminary study
        • Cookies scanning
        • Classify cookies by consent categories
        • The purposes of cookies
        • Implement a cookie consent widget
        • Collect proof of cookie consent
        • Go further on cookie consent
        • In case of unavailability
      • Technical integration
        • Functioning of the widget
        • Quick start
          • Wordpress
        • Language management
        • Test the integration of a widget
        • Blocking cookies
          • Blocking iframes (twitter/youtube...)
          • Google Tag Manager
        • Advanced Design
        • Manage consent programmatically
        • User identification
        • Mobile applications
          • Hybrid applications
          • Native applications
        • TCF 1.1/2.0
      • RGAA compliance
      • Breakdown service
    • Regular review (freshness)
    • Custom Reporting
      • Integration with data analysis tools (BI)
    • AI Systems
      • Establishing a record of AI systems
      • Risk analysis and business value
      • Transparency notice
      • AI Models repository
    • Advanced configuration
      • SCIM
      • Roles and permissions
      • Single Sign On (SSO)
        • SAML 2
        • OpenId
        • ADFS
        • Active Directory
        • Okta
        • Known problems
      • References
      • API key management
      • Notifications
      • Workflow steps / process flow
      • Incoming mail data collection
      • OneDrive/Google Drive integrations
      • Webhooks
      • SMTP configuration
      • Workflow rules
      • Message templates
      • Email domains
  • PARTNERS
    • Portal
  • 📄API documentation
    • Configuration
    • Authentication
    • API References
    • Integrations
      • Frequently asked questions
  • 🛡️Security
    • Security at Dastra
    • Security roadmap
    • Quality of Service
  • Certifications
  • 🤖Other
    • FAQ
    • Known problems
    • Changelog
  • Referentials
    • CNIL referentials
      • HR referential from CNIL
Powered by GitBook
On this page
  • Introduction
  • Concepts
  • Privacy by design
  • Privacy by default
  • Minimization of personal data
  • Integrity and confidentiality
  • Limitation of data retention period
  • How to implement privacy by design and by default?
  • For more information

Was this helpful?

  1. USEFUL REMINDERS
  2. GDPR key concepts

Privacy by design and by default

Learn what privacy by design and privacy by default mean and how to apply them in Dastra.

Last updated 1 year ago

Was this helpful?

Introduction

"Privacy by design" and "privacy by default" are two key concepts in the implementation of personal data protection, stemming from .

The principle of data protection by design means that the company must integrate the protection of personal data, from the conception of projects related to the processing of company data. The objective is to minimize the risks of non-compliance with the GDPR, from the design of a project and by default.

The principle of privacy by design is applied at the design stage of a product or service, which requires companies to anticipate.

However, the application of measures to protect personal data does not stop at the design stage, and must be carried out throughout the life cycle of the data processing.

Concepts

Privacy by design

Taking into account issues related to the protection of private data from the design of the processing. Prevent in advance any infringement of the rights of the data subject.

Privacy by default

Data protection and security measures must be active by default for any operation on private data.

Minimization of personal data

Process only adequate, relevant and necessary data with regard to the purposes for which it is collected.

Integrity and confidentiality

Strictly regulate access to personal data via an authorization to access the policy + Ad hoc security measures.

Limitation of data retention period

Provide at the start of processing a device for purging private data on the expiration date of their retention period.

How to implement privacy by design and by default?

In order to implement privacy by design, the protection of personal data must be taken into account at every stage of the process of creating new projects. This means that companies must, at a minimum and before the projects are put into production:

  • Inform the DPO or equivalent of the existence of these projects

  • Analyze the privacy risks associated with these projects

  • Identify and implement in the project the measures integrating the protection of personal data

  • Document all the elements in order to constitute proof of compliance with the principles of privacy by design & by default.

  • question the compliance of their data processing with the RGPD

  • be able to prove this compliance

They are therefore held responsible for compliance with the rules imposed by the RGPD. Therefore, they must implement and update measures to ensure compliance with the processing of personal data.

Privacy by Design principles can be applied in several ways in Dastra:

  • Create specific audit forms to collect the necessary information

  • Identify and analyze risks to assess the measures to be implemented to address the issues

  • Identify, assign and track remediation tasks

  • Document the record by indicating in the treatment sheets the measures implemented and thus constitute the audit trail

For more information

The principle of privacy by design is a direct result of the laid down by the GDPR in its . Indeed, data controllers have the obligation to:

🇪🇺
Article 25 of the GDPR
accountability principle
article 5
Audits and DPIA
Risk management
Planning
Record of processing activities (ROPA)
Security measures