Data protection by design and by default

When initiating a new project that involves processing of private data, it is not only important but also required to consider the impact to the privacy of individuals form the very beginning. Privacy by Design and Data Protection by Design ensures that new products and services introduced to the market take privacy under the guidelines of the GDPR into account. While this is good practice, it also requires the involvement of a privacy professional from the beginning or an innovation project.

Start from the beginning

Innovation and brainstorming should be open to different contributions but before significant time or money is being invested in the development process it will need to be considered of the envisioned service can be offered effectively while respecting the data subjects rights, and if other requirements under the GDPR, for example the access requests can be fulfilled easily enough.

Like all other GDPR processes, the Data protection by design and by default process should be carefully documented so that it helps building a case for compliance and properly exercised care for the rights of your data subjects.

With our experience in product design, innovation and digital strategies, TechGDPR can help meet these requirements throughout the product life cycle.

When new processing of personal data should be implemented, or existing processing should change, the right process to look at would be the GDPR Data Protection Impact Assessment and possibly Prior Consultation processes is what should be considered, and where you should involve your DPO and/or us as an external specialist.

Also read our blog article about The Principles of Privacy by Design applied to blockchain.

When to consider Privacy by design and default?

When starting a new innovation or technology project that deals with personal data, it is important to consider the privacy aspects and most importantly how this will impact the rights and freedoms of natural persons.

How to start a privacy by design process?

Through involving a privacy expert from the start, and carefully document the involvement, input, consideration and conclusion. The end result should be a privacy friendly product developed with a documented process and privacy considerations have been made with due consideration.

When is a Prior Consultation under the GDPR required?

If a Data Protection Impact Assessment indicates that processing would result in a high risk.

We can help you with Data Protection by Design and by Default. Contact us to find out how.