In this video, Kalinda Raina dissects privacy by design, a key concept of the EU General Data Protection Regulation (GDPR). Learn what privacy by design is, and how it can help an organization comply with GDPR.
- Privacy by design is a key concept of the GDPR. While the idea has been around for some time, the GDPR makes it a legal requirement. Privacy by design means thinking about data privacy and its implications when you're developing products, features, even marketing campaigns based on personal data. It also means encouraging employees to ask themselves questions before collecting or using data. Questions such as: do I need all the data I am collecting here? Could I do this work without using personal data at all? Am I using the data in a way a user may not expect? And do I have a plan to delete this data once I or my team no longer need it? The GDPR also encourages organizations to document key privacy decisions they make around the collection, use, and storage of personal data.
Documenting compliance with the GDPR may be one of the most challenging and time-consuming aspects of this law. There are several ways an organization can demonstrate and document compliance. First, your organization may need to complete a privacy review process of products or features to ensure GDPR compliance before they go live. This is often referred to as a Data Protection Impact Assessment or DPIA. DPIAs help document key decisions within an organization that have a privacy impact.
Second, your company should also inventory the personal data it stores and collects. In addition, audits should be conducted regularly to ensure the mapping of your data flows is always up to date. Third, your company should update its existing policies and procedures or, if none exist, develop new ones that outline how personal data will be protected, deleted, and processed. Fourth, provide training to ensure employees understand their role in helping to protect data and honor customer requests.
This is key. Without training, employees will not understand their responsibilities, and meeting the standards of the GDPR requires everyone in an organization to be on the same page about data privacy. Finally, consider setting up a help center for users so that they know how to easily exercise their data subject rights. And if you're an online organization, consider updating the settings you offer your users. If you remember nothing else, remember the golden rule: treat the personal data of others with the same care as you would want your own data treated.
Most privacy issues can be resolved by following this simple rule.
DISCLAIMER: Neither LinkedIn nor the instructor represents you, and they are not giving legal advice. The information conveyed through this course is not intended to give legal advice, but instead to communicate information to help viewers understand the basics of the topic presented. Certain concepts may not apply in all countries. The views (and legal interpretations) presented in this course do not necessarily represent the views of LinkedIn or Lynda.com.