GDPR-07

Protection by Design Checklist

Follows Protection (Privacy) by Design principles and implements appropriate technical and organizational measures in an effective way to meet the requirements of the GDPR and protect the rights of data subjects.

  • All data processing systems are designed and implemented, from the start, with privacy in mind.
  • Appropriate technical and organizational measures are in place to effectively safeguard personal data.
  • Protocols are in place to meet the requirements of the GDPR and protect the rights of data subjects.
  • Protocols are in place to ensure that only data absolutely necessary for the completion of its business will be processed.
  • Access to personal data is limited to only those employees needing the information to complete the business process.
  • Personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals do not have to take any specific action to protect their privacy.
  • Data protection is an essential component of the core functionality of processing systems and services.
  • Anticipates risks and privacy-invasive events, and takes steps to prevent harm to individuals.
  • Uses privacy-enhancing technologies (PETs) to assist in complying with data protection by design.
  • Provides the identity and contact information of those responsible for data protection.
  • Has a ‘plain language’ policy for any public documents so that individuals easily understand what is being done with their personal data.
  • Only processes the personal data that is needed for the purpose(s), and only uses the data for those purposes.
  • Provides individuals with tools so they can determine how their personal data is used, and whether policies are being properly enforced.
  • Offers strong privacy defaults, user-friendly options and controls, and respects user preferences.
  • Uses data processors that provide sufficient guarantees of their technical and organizational measures for data protection by design.
  • Uses other systems, services or products in processing activities whose designers and manufacturers take data protection issues into account.