Data protection by design—policy


1 Data protection by design and default—the concept

1.1 Data protection by design and default (DPbDD) is a requirement of the UK General Data Protection Regulation (UK GDPR).

1.2 In essence, DPbDD involves considering data protection and privacy issues upfront in everything we do. This means we have to integrate or ‘bake-in’ data protection into our processing activities and business practices, from the design stage right through the lifecycle.

1.3 Taking a DPbDD approach when designing or reviewing projects, policies, products or systems will help us to:

1.3.1 ensure our actions are less likely to be intrusive or have negative privacy impact on individuals;

1.3.2 identify privacy risks and requirements at an early stage—when addressing them will often be simpler and less costly;

1.3.3 increase awareness of privacy and data protection across the organisation; and

1.3.4 improve our general levels of compliance with data protection law.

2 DPbDD—key principles

2.1 [Insert organisation’s name] considers data protection issues as part of the design and implementation of systems, services, products and business practices.

2.2 We make data protection an essential component of the core functionality of our processing systems and services.

2.3 We have systems in place to anticipate risks and privacy-invasive events before they occur and take steps to prevent harm to individuals. This Policy identifies various such systems and processes.

2.4 We only process the personal data that we need for our
