Since the 1990s, Privacy by Design has been a hot button topic.
Simply put, Privacy by Design states that privacy must be build into the DNA of any organisation.
Privacy by Design is a core concepts underpinning the General Data Protection Regulation.
Although the ICO is yet to publish an GDPR specific guide to Privacy by Design, there are 7 broad principals that are a very good starting point for any organisation who want to be ahead of the compliance curve.
- Proactive not Reactive; Preventative not Remedial
You should take proactive rather than reactive measures and anticipate and prevent privacy invasion before it happens. Your approach to privacy protection should never take the form of waiting for breaches to occur then correcting them, they should never happen.
2. Privacy as the Default Setting
Personal data should be automatically protected in any given IT system or business. No action should be needed from the individual to protect their privacy – the system should do this for them by default.
3. Privacy Embedded into Design
Privacy should be designed into the architecture of IT systems and business practices and never bolted on as an after thought. Privacy becomes integral to the system without diminishing usability.
- Full Functionality – Positive-Sum, not Zero-Sum
- End-to-End Security – Full Lifecycle Protection
- Visibility and Transparency – Keep it Open
- Respect for the User Privacy – Keep it User Centric