All Episodes

November 27, 2019 40 min
Privacy By Design is one of the key elements of good data protection, and is made mandatory by Article 25 of the GDPR. But what does PbD mean in practice? In this podcast, we look at the key elements of PbD, discuss some actual use cases, and examine how to apply PbD on the ground. GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Guest Sam Bouso, Founder and CEO of Precognitive Inc., sbouso@precognitive.io https://precognitive.com/ Host Mark Sherwood-Edwards info@thisisdpo.co.uk Materials Recommended By Sam Bouso Article “Privacy By Design Is Important For Every Area Of Your Business” is a good general intro Book “The Ultimate GDPR Practitioner Guide: Demystifying Privacy & Data Protection” Especially Chapter 11 which has solid examples and areas of focus for those trying to implement PbD. Ann Cavoukian’s 7 principles of PbD Proactive not reactive; preventive not remedial The privacy by design approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy invasive events before they happen. Privacy by design does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to prevent them from occurring. In short, privacy by design comes before-the-fact, not after. Privacy as the default Privacy by design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system, by default. Privacy embedded into design Privacy by design is embedded into the design and architecture of IT systems as well as business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system without diminishing functionality. Full functionality – positive-sum, not zero-sum Privacy by design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by design avoids the pretense of false dichotomies, such as privacy versus security, demonstrating that it is possible to have both. End-to-end security – full lifecycle protection Privacy by design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved — strong security measures are essential to privacy, from start to finish. This ensures that all data are securely retained, and then securely destroyed at the end of the process, in a timely fashion. Thus, privacy by design ensures cradle-to-grave, secure lifecycle management of information, end-to-end. Visibility and transparency – keep it open Privacy by design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visible and transparent, to users and providers alike. Remember, trust but verify. Respect for user privacy – keep it user-centric Above all, privacy by design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric. See also: https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf https://iapp.org/resources/article/privacy-by-design-the-7-foundational-principles/ Looking for something long and technical? "Privacy and Data Protection by Design – from policy to engineering". ENISA Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk Special Guest: Sam Bouso.
Share
Mark as Played

Chat About GDPR Now!

Advertise With Us

Popular Podcasts

Crime Junkie
The Daily

The Daily

This is what the news should sound like. The biggest stories of our time, told by the best journalists in the world. Hosted by Michael Barbaro. Twenty minutes a day, five days a week, ready by 6 a.m.

Stuff You Should Know

Stuff You Should Know

If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks then look no further. Josh and Chuck have you covered.

For You

    Music, radio and podcasts, all free. Listen online or download the iHeartRadio App.

    Connect

    © 2021 iHeartMedia, Inc.