Privacy by design and by default
Learn what privacy by design and privacy by default mean and how to apply them in Dastra.
"Privacy by design" and "privacy by default" are two key concepts in the implementation of personal data protection, stemming from Article 25 of the GDPR.
The principle of data protection by design means that the company must integrate the protection of personal data, from the conception of projects related to the processing of company data. The objective is to minimize the risks of non-compliance with the RGPD, from the design of a project and by default.
The principle of privacy by design is applied at the design stage of a product or service, which requires companies to anticipate.
However, the application of measures to protect personal data does not stop at the design stage, and must be carried out throughout the life cycle of the data processing.
Taking into account issues related to the protection of private data from the design of the processing. Prevent in advance any infringement of the rights of the data subject.
Data protection and security measures must be active by default for any operation on private data.
Process only adequate, relevant and necessary data with regard to the purposes for which it is collected.
Strictly regulate access to personal data via an authorization to access the policy + Ad hoc security measures.
Provide at the start of processing a device for purging private data on the expiration date of their retention period.
In order to implement privacy by design, the protection of personal data must be taken into account at every stage of the process of creating new projects. This means that companies must, at a minimum and before the projects are put into production:
- Inform the DPO or equivalent of the existence of these projects
- Analyze the privacy risks associated with these projects
- Identify and implement in the project the measures integrating the protection of personal data
- Document all the elements in order to constitute proof of compliance with the principles of privacy by design & by default.
The principle of privacy by design is a direct result of the accountability principle laid down by the GDPR in its article 5. Indeed, data controllers have the obligation to:
- question the compliance of their data processing with the RGPD
- be able to prove this compliance
They are therefore held responsible for compliance with the rules imposed by the RGPD. Therefore, they must implement and update measures to ensure compliance with the processing of personal data.
Privacy by Design principles can be applied in several ways in Dastra:
- Create specific audit forms to collect the necessary information
- Identify and analyze risks to assess the measures to be implemented to address the issues
- Identify, assign and track remediation tasks
- Document the record by indicating in the treatment sheets the measures implemented and thus constitute the audit trail