Organizations must have adequate strategies and policies in place to incorporate the afore-mentioned data protection principles.
There are two main approaches to data privacy: privacy-by-design and privacy-by-default. Organizations must have mechanisms in place to incorporate the approaches of privacy-by-design and privacy-by-default in their product development. These two approaches complement each other, enable organizations to identify potential privacy impacts on data subjects and build technical strategies to address those impacts.
Privacy-by-design means embedding privacy into the design of IT products, systems, and business practices and integrating data protection considerations before the collection and processing of personal data. It refers to having in-built abilities that would prevent personal data breaches rather than repairing and restoring systems in the aftermath of a personal data breach.
To successfully implement the privacy-by-design approach, organizations must, at minimum, do the following:
Organizations must educate their product owners and developers on data protection principles so that they are able to automate and implement privacy-by-design principles in the product development and design stage.
The privacy-by-default approach requires organizations to implement appropriate technical and organizational measures to ensure that, by default, the data subject has been provided the strictest privacy measure available.
To successfully implement the privacy-by-default approach, organizations must, at minimum, do the following:
Privacy-by-default allows organizations to build efficient privacy technologies and consider data protection principles into their products throughout the product’s lifecycle.
In light of privacy-by-design and privacy-by-default approaches, organizations must designate data protection responsibilities in their teams and implement effective risk assessments.