Audit modelChecklist privacy by design & by default (source : ICO)
ICO
Privacy by design & by default checklist from the ICO, the UK Data Protection Authority.
1. Taking into account data protection issues
1.1. We consider data protection issues in the design and implementation of systems, services, products and business practices.
2. Data minimization
2.1. We only process the personal data we need for our purposes, and we only use the data for those purposes.
3. Essential nature of data protection in the functionality
3.1. We make data protection an essential component of the basic functionality of our processing systems and services.
4. Anticipation of privacy risks and events
4.1. We anticipate privacy risks and events before they occur, and take steps to prevent harm to individuals.
5. Automatic nature of personal data protection
5.1. We ensure that personal data is automatically protected in any computer system, service, product and/or business practice, so that individuals do not have to take specific steps to protect their privacy.
6. Provision of the identity and contact information of responsible persons
6.1. We provide the identity and contact information of the persons responsible for data protection within our organization and to individuals.
7. Clarity and understanding of what is done with personal data
7.1. We adopt a "plain language" policy for all public documents so that individuals can easily understand what we do with their personal data.
8. Provision of control tools to individuals
8.1. We provide individuals with tools to determine how we use their personal data and whether our policies are being properly applied.
9. Default values for privacy, control and preferences
9.1. We provide strong privacy defaults, user-friendly options and controls, and respect user preferences.
10. Guarantees offered by subcontractors
10.1. We only use subcontractors who offer sufficient guarantees regarding their technical and organizational measures for data protection by design.
11. Warranties for other systems, services or products
11.1. When we use other systems, services or products in our processing activities, we ensure that we only use those whose designers and manufacturers take into account data protection issues.
12. Use of privacy-enhancing technologies
12.1. We use privacy enhancing technologies (PETs) to help us comply with our data protection obligations by design.
Created at:2023-02-01T21:28:46.9607688
Updated on :2023-12-30T14:58:05.6688014
License : © Creative commons :
Attribution / Pas d'utilisation commerciale
CC-BY-NC
Attribution / Pas d'utilisation commerciale
CC-BY-NC
author :
Uses :1