Privacy by Design: a solution for all your privacy issues!
By consistently applying privacy by design, organizations enhance the quality of their data protection and reduce its associated costs. Additionally, employees will become more conscious in handling personal data, and as an organization, you can better justify your choices regarding personal data. In mid-April 2020, the CoronaMelder app was launched. The app, in short, informed people when they've been near someone who tested positive for COVID-19, aiming to address the at that point growing number of infections in the Netherlands.
Half of the Netherlands was concerned that the government might get access to information of citizens' whereabouts. Fortunately, the app's creators had thought this through: when designing the CoronaMelder app, it was essential that the app be privacy-friendly. With input from numerous privacy specialists, the CoronaMelder app was developed from the outset to offer the most privacy-friendly notification app. An excellent example of effectively applying the privacy by design principle.
Privacy as a starting point
But what exactly is privacy by design? The privacy by design principle suggests that, during the initial stages of new products, services, or processes, you contemplate the most privacy-friendly solution.
It begins with the basics: privacy or data protection policies compel organizations to consider how they handle personal data. This policy outlines principles of data processing and data subject rights. Principles like data minimization (what data do we actually need?), proportionality (does the data we want to use align with the purpose?) and purpose limitation (data may only be processed for specific, documented purposes) are included.
Subsequently, it's important to apply this policy and these principles during the initial design phase of any project. By doing so, each processing activity will adhere to your privacy policy, eliminating the need for post-design adjustments. Making post-design changes because the initial design was inadequate can lead to issues, and sometimes, it's impossible to backtrack.
The solution for all your (privacy) problems
Privacy by design works, firstly, because it compels organizations to proactively consider risks and measures. By making the right choices in what measures you need upfront, you build your solution correctly from the start. This is advantageous for both cutting costs and the quality of data protection.
Embedding the privacy by design principle into your processes, secondly, makes it easier to comply with the GDPR. Guidelines related to data minimization, proportionality, purpose limitation, protection and accuracy are integrated right from the design phase.
Thirdly, the privacy by design principle ensures that employees become aware of the organization's privacy standards, apply them within their own area of expertise, and can advocate for them across the organization. The likelihood of data breaches is reduced when colleagues understand how to handle personal data carefully.
Lastly, as an organization, you can always justify your choices. After all, you've considered principles like data minimization, protection, and transparency and discussed their implementation early on. This allows you to explain to consumers, citizens, or regulators which choices you made to handle personal data in a careful manner.
Curious about how to implement privacy by design effectively within your organization? VKA can assist. Feel free to contact us, and who knows, your next product or service might meet privacy requirements just as well as the CoronaMelder app.