what is data protection by design

What Is Data Protection By Design?

In a world where everything is connected and data is valuable, it’s more important than ever to have data protection by design. But what does that mean? And how can you make sure your business is taking the necessary precautions?

Keep reading to find out.

What Is Data Protection By Design?

The Data Protection by Design (DPD) states that a personal data controller shall take technical and organizational measures. This is to ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected.

Thus, taking into account state of the art and the cost of their implementation. So, the measures shall ensure the confidentiality, integrity, availability, and resilience of processing systems and services.

DPD Principles

The DPD principle requires that data protection be integrated into IT systems’ design. This is rather than being added as an afterthought. Data Protection Officers also known as DPO, are one of the key components of data protection by design.

So, a role that is required by law by all public sector organizations and some private sector organizations that are processing personal data. Data Protection By Design (DPD) means that the principles, functions, features, and requirements of data protection should be incorporated.

That is into the concept and design of the information system at the earliest stage. This is to achieve effective and comprehensive protection of personal data. It also means that these features should be tested, verified, and reviewed.

Now, that security measures should be progressively checked and updated throughout the life cycle of the system.

European Data Protection Supervisor

The European Data Protection Supervisor (EDPS) has been advising on how to implement data protection by design since 2010. The EDPS has devised a methodology for DPD implementation. So, the aim is for DPD to become a fundamental principle of data protection law across Europe.

Moreover, the EDPS issued guidelines on how to implement DPD in May 2014. The EDPS points out there is no international standard for implementing DPD. But international standards such as ISO 27001 and NIST Cybersecurity Framework include principles similar to those established under the EDPS guidelines.

The Council of Europe has recognized that new technologies enable new opportunities for safeguarding individual freedoms and rights. That is in a democratic society but they can also lead to greater risks in terms of breaches of privacy or confidentiality. To ensure that new technologies are used in a way that safeguards privacy.

States must introduce specific legislation. This will ensure that adequate measures are taken throughout the life cycle of ICT systems. That is from their inception to when they are dismantled or replaced.

To do this, Member States should harmonize their national law concerning their obligations under article 8 ECHR. This is in conjunction with article 16 ECHR (1), taking into account existing Community legislation such as Directive 95/46/EC. This is for the protection of individuals regarding the processing of personal data and the free movement of such data (2).

In recent years there has been considerable concern about personal information being held on IT systems. But it may no longer be secure or available. 

Click to rate this post!
[Total: 0 Average: 0]

Scroll to Top