GDPR Data Protection Officer Skills
Data protection by design and default by Sergio Raneri- I consider data protection issues as part of the design and implementation of systems, services, products and business practices.
- I make data protection an essential component of the core functionality of our processing systems and services.
- I anticipate risks and privacy-invasive events before they occur, and take steps to prevent harm to individuals.
- I only process the personal data that we need for our purposes(s), and that we only use the data for those purposes.
- I ensure that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
- I provide the identity and contact information of those responsible for data protection both within our organisation and to individuals.
- I adopt a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
- I provide individuals with tools so they can determine how we are using their personal data, and whether our policies are being properly enforced.
- I offer strong privacy defaults, user-friendly options and controls, and respect user preferences.
- I only use data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
- When I use other systems, services or products in our processing activities, we make sure that we only use those whose designers and manufacturers take data protection issues into account.
- I use privacy-enhancing technologies (PETs) to assist us in complying with our data protection by design obligations.
