Data protection by design and default by Sergio Raneri
I consider data protection issues as part of the design and implementation of systems, services, products and business practices.
I make data protection an essential component of the core functionality of our processing systems and services.
I anticipate risks and privacy-invasive events before they occur, and take steps to prevent harm to individuals.
I only process the personal data that we need for our purposes(s), and that we only use the data for those purposes.
I ensure that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
I provide the identity and contact information of those responsible for data protection both within our organisation and to individuals.
I adopt a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
I provide individuals with tools so they can determine how we are using their personal data, and whether our policies are being properly enforced.
I offer strong privacy defaults, user-friendly options and controls, and respect user preferences.
I only use data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
When I use other systems, services or products in our processing activities, we make sure that we only use those whose designers and manufacturers take data protection issues into account.
I use privacy-enhancing technologies (PETs) to assist us in complying with our data protection by design obligations.
