Privacy By Design
One of the key concepts behind GDPR is that users should understand what is happening with their data. The requirement for transparency means that organisations should be able to describe the data they are collecting, the purpose of collection, who has access to this data, how long the data is retained, and so on.
You will also need to demonstrate that the design of the system protects data from unnecessary access. Personal data should be encrypted when transmitted or stored. There should be appropriate access controls, so that only users who need access to the data can get it, and only authorised users can get access.
As well as following GDPR regulations, organisations are required to document that they are GDPR compliant. Even if the regulations are followed, undocumented measures will be considered unimplemented, leaving you open to prosecution.
The responsibility for maintaining this information usually falls to the organisation's Data Protection Officer. However, when designing systems, keeping track of the information you are likely to be asked for will save you time.
Details of data collection and processing should be well documented, and should include:
- Details of PII (Personally Identifiable Information) collected, and justification for collecting it.
- How long the data will be kept for.
- How and where the data is stored.
- Who can access the data, and the data owner.
- What processes use this data.
- Details of any 3rd parties that this data is shared with.
While there is no set format for this documentation, as the needs of businesses differ, the ICO has some examples1.
Transparency for Data Subjects
Allowing people to understand what is happening with their data is a key point. If you have a database that contains Personally Identifiable Information, then the people the data belongs to should be able to understand what you are collecting, why you are collecting it, who has access to the data, and how long you will keep the data for.
If we do the design part correctly, this should come easily. A system with well documented processes, and procedures for handling data, is easy to explain.
Informed Consent and Privacy by Default
Another major component of GDPR is the principle of informed consent. This means that the user will have to actively agree to any data storage and processing.
At the front end, this means that we need to provide the user with a mechanism to opt in to data storage and collection. This option should be available at any time (for example, not only at sign up). We also need to provide the user with a mechanism to view, edit, or delete any data about themselves. At the back end we need a mechanism for storing these preferences, along with timestamps to show when the option was selected.
Warning
Opt-in is the important part here: the regulations state that the user must agree to data collection and processing. Having "Agree" selected by default is not acceptable, nor is assuming consent if the user hasn't agreed to it.
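As an added example (not part of these notes), a minimal consent store in Python shows the back-end side of the points above: nothing is consented until the user opts in, each decision is logged with a timestamp, processing is gated on a recorded opt-in rather than on the absence of an opt-out, and the subject can view, edit or delete their data. The purposes, field names, sample subject and the `ConsentStore` API are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List


@dataclass
class ConsentEvent:
    """One opt-in or opt-out decision, with the time it was recorded."""
    purpose: str
    granted: bool
    timestamp: datetime


@dataclass
class Subject:
    subject_id: str
    profile: Dict[str, str]
    # Append-only log: keeps the evidence of *when* each option was selected.
    consent_log: List[ConsentEvent] = field(default_factory=list)


# Not acceptable: a sign-up form that arrives with every purpose pre-ticked.
PRE_TICKED_FORM = {"marketing": True, "analytics": True}


def default_consent(purposes) -> Dict[str, bool]:
    """Privacy by default: every purpose starts unselected."""
    return {p: False for p in purposes}


class ConsentStore:
    """Hypothetical in-memory store; a real system would persist this."""

    def __init__(self, purposes):
        self.purposes = set(purposes)
        self._subjects: Dict[str, Subject] = {}

    def register(self, subject_id, profile):
        # Registration records no consent at all; the user opts in later.
        self._subjects[subject_id] = Subject(subject_id, dict(profile))

    def set_consent(self, subject_id, purpose, granted, now=None):
        if purpose not in self.purposes:
            raise ValueError(f"unknown purpose: {purpose}")
        event = ConsentEvent(purpose, bool(granted), now or datetime.now(timezone.utc))
        self._subjects[subject_id].consent_log.append(event)
        return event

    def has_consent(self, subject_id, purpose) -> bool:
        """Latest decision for the purpose wins; no decision means no consent."""
        subject = self._subjects.get(subject_id)
        if subject is None:
            return False
        for event in reversed(subject.consent_log):
            if event.purpose == purpose:
                return event.granted
        return False

    def process(self, subject_id, purpose, fn):
        """Run fn on the profile only if an opt-in for this purpose is on record."""
        if not self.has_consent(subject_id, purpose):
            raise PermissionError(f"no consent from {subject_id} for {purpose}")
        return fn(self._subjects[subject_id].profile)

    # Data subject rights: view, edit, delete.
    def export(self, subject_id) -> dict:
        subject = self._subjects[subject_id]
        return {
            "profile": dict(subject.profile),
            "consent": {p: self.has_consent(subject_id, p) for p in sorted(self.purposes)},
            "history": [
                {"purpose": e.purpose, "granted": e.granted, "at": e.timestamp.isoformat()}
                for e in subject.consent_log
            ],
        }

    def update(self, subject_id, changes) -> dict:
        self._subjects[subject_id].profile.update(changes)
        return dict(self._subjects[subject_id].profile)

    def erase(self, subject_id) -> bool:
        return self._subjects.pop(subject_id, None) is not None


def demo() -> dict:
    """Walk one constructed subject through opt-in, processing, opt-out and erasure."""
    store = ConsentStore(["marketing", "analytics"])
    store.register("subj-1", {"email": "alice@example.invalid"})  # constructed sample
    out = {"initial": store.has_consent("subj-1", "marketing")}
    store.set_consent("subj-1", "marketing", True)
    out["after_opt_in"] = store.has_consent("subj-1", "marketing")
    out["processed"] = store.process("subj-1", "marketing", lambda p: p["email"])
    store.set_consent("subj-1", "marketing", False)
    out["after_opt_out"] = store.has_consent("subj-1", "marketing")
    try:
        store.process("subj-1", "marketing", lambda p: p["email"])
        out["blocked"] = False
    except PermissionError:
        out["blocked"] = True
    out["history_len"] = len(store.export("subj-1")["history"])
    out["erased"] = store.erase("subj-1")
    out["after_erase"] = store.has_consent("subj-1", "marketing")
    return out


if __name__ == "__main__":
    print(demo())
```

The log is append-only rather than a single boolean per purpose so that the history answers the "when was this selected" question the notes ask for, and `has_consent` falls through to `False` whenever no decision exists, which is what makes assumed consent impossible in this design.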
I find this an interesting one. Personally, I feel that many sites are not complying with the spirit of this element of the regulations. There seem to be lots of "work arounds" to apply the rules as written, but not as intended. Things like spamming you with cookie notices where "Accept all" is a big green button, but you have several stages to go through to deselect, are one common example.
Task
Review the information from the ICO, on documenting processes. We will be using this in the Lab session.