When looking at privacy principles and regulations, we need to be informed of both technical and legal aspects, making this a rather complex matter. Not only existing regulations but also the new frameworks of tomorrow are important to understand and implement.
During this session, we tackle both the legal domain as well as the technical domain with two experts.
The details of privacy by design
Privacy by design is described in article 25 of GDPR:
“The controller shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.“
There are several factors to take into account:
- State of the art (no outdated systems)
- Cost of implementation
- Scope, context, nature and purpose
- Risks
When implementing the privacy rules, it’s a matter of finding the right balance between factors. If the risks are high and you want to process a large amount of data, you’ll need your systems/processes to be more up to date (and cost will be less of an obstacle) than when you process few data with no risks.
The principles of privacy by design are not set one time when developing a new product or service. It is a continuous process, you’ll need to keep on ensuring that your services & products meet the privacy regulations.
Watch the full recording or download the presentations here.