
Privacy by Design

Privacy by Design is a method of planning and implementing a system architecture that fully supports individual rights and protects people’s data.

An architecture built this way should include:

The goal is to keep control over data throughout its life: knowing from whom, when, and where each piece of data was collected, and being able to consult that metadata at the moment the data itself is processed, so that every use can be checked against its origin and the consent attached to it.

More than just protecting data, it’s about retaining the trust of those who provide it.

Privacy by Design emphasizes maintaining and using metadata about the data: knowing precisely who accessed the data and when, where the data originated, and how many copies exist throughout its entire lifecycle.

Privacy by Design principles

Key principles of Privacy by Design include:

  1. Protecting and auditing customer data.
  2. Preventing the misuse or sharing of data without consent.
  3. Capturing user preferences and consent, and enforcing them at the point where data is accessed or processed.
  4. Reducing data footprints with data minimization: collecting and retaining only the fields a stated purpose actually needs.
  5. Making the implementation of Data Subject Access Requests (DSARs) and the Right to Be Forgotten (RTBF) native to your system.
  6. Supporting data-protection regulations around the globe.
  7. Supporting other functional compliance requirements, such as data retention, data sovereignty, and data localization.
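Principles 1 to 5 describe mechanisms rather than policy, so the following is an added example (not code from this page) of a small in-memory store that implements them together: provenance metadata on every record, consent-gated reads, data minimization driven by a purpose-to-fields map, an audit trail that records who accessed what and when without storing the values themselves, copy tracking, and DSAR export and RTBF erasure as first-class operations. The purpose map, the service names and the sample subject data are constructed for the example.

```python
"""Minimal privacy-by-design data store (added example, not the page's code).
Provenance, consent, minimization, auditing, copy tracking, DSAR and RTBF."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Set
import uuid

# Assumption for the example: which fields each processing purpose needs.
# Data minimization means nothing outside this map is ever stored or returned.
PURPOSE_FIELDS: Dict[str, Set[str]] = {
    "billing": {"name", "card_last4"},
    "marketing": {"email"},
}


class ConsentError(PermissionError):
    """Raised when data is read for a purpose the subject never consented to."""


@dataclass
class Record:
    subject_id: str
    source: str                  # where the data was collected from
    collected_at: datetime       # when it was collected
    consents: Set[str]           # purposes the subject agreed to
    fields: Dict[str, str]
    copies: Set[str] = field(default_factory=set)  # downstream copy locations


class PrivacyVault:
    def __init__(self) -> None:
        self._records: Dict[str, Record] = {}
        self.audit_log: List[dict] = []  # who did what, when; never field values

    def _audit(self, actor: str, action: str, subject_id: str, **detail) -> None:
        self.audit_log.append({"at": datetime.now(timezone.utc).isoformat(),
                               "actor": actor, "action": action,
                               "subject": subject_id, **detail})

    def collect(self, actor: str, subject_id: str, source: str,
                consents: Set[str], fields: Dict[str, str]) -> str:
        unknown = set(consents) - PURPOSE_FIELDS.keys()
        if unknown:
            raise ValueError(f"unknown purposes: {sorted(unknown)}")
        needed = set().union(*(PURPOSE_FIELDS[p] for p in consents))
        kept = {k: v for k, v in fields.items() if k in needed}  # minimization
        rid = str(uuid.uuid4())
        self._records[rid] = Record(subject_id, source, datetime.now(timezone.utc),
                                    set(consents), kept)
        self._audit(actor, "collect", subject_id, record=rid, source=source,
                    dropped=sorted(set(fields) - needed))
        return rid

    def read(self, actor: str, record_id: str, purpose: str) -> Dict[str, str]:
        rec = self._records[record_id]
        if purpose not in rec.consents:  # consent enforced at the point of access
            self._audit(actor, "read_denied", rec.subject_id, record=record_id, purpose=purpose)
            raise ConsentError(f"no consent for purpose {purpose!r}")
        view = {k: v for k, v in rec.fields.items() if k in PURPOSE_FIELDS[purpose]}
        self._audit(actor, "read", rec.subject_id, record=record_id,
                    purpose=purpose, fields=sorted(view))
        return view

    def withdraw_consent(self, actor: str, subject_id: str, purpose: str) -> None:
        for rec in self._records.values():
            if rec.subject_id == subject_id:
                rec.consents.discard(purpose)
                # drop fields that no remaining purpose justifies keeping
                still_needed = set().union(*(PURPOSE_FIELDS[p] for p in rec.consents))
                rec.fields = {k: v for k, v in rec.fields.items() if k in still_needed}
        self._audit(actor, "withdraw_consent", subject_id, purpose=purpose)

    def register_copy(self, actor: str, record_id: str, location: str) -> None:
        rec = self._records[record_id]
        rec.copies.add(location)  # lineage: every copy must be known to be erasable
        self._audit(actor, "copy", rec.subject_id, record=record_id, location=location)

    def dsar(self, actor: str, subject_id: str) -> dict:
        """DSAR: everything held on the subject, its provenance, and who touched it."""
        records = [{"record": rid, "source": r.source,
                    "collected_at": r.collected_at.isoformat(),
                    "consents": sorted(r.consents), "fields": dict(r.fields),
                    "copies": sorted(r.copies)}
                   for rid, r in self._records.items() if r.subject_id == subject_id]
        history = [e for e in self.audit_log if e["subject"] == subject_id]
        self._audit(actor, "dsar", subject_id)
        return {"subject": subject_id, "records": records, "access_history": history}

    def erase(self, actor: str, subject_id: str) -> Set[str]:
        """RTBF: delete all records; return copy locations that must also be purged."""
        doomed = [rid for rid, r in self._records.items() if r.subject_id == subject_id]
        copies: Set[str] = set()
        for rid in doomed:
            copies |= self._records.pop(rid).copies
        # the audit trail holds no values, so it is kept to make the erasure provable
        self._audit(actor, "erase", subject_id, records=len(doomed),
                    copies_to_purge=sorted(copies))
        return copies
```

Two design choices carry the weight here. The audit log records field names, purposes and actors but never values, so it can outlive an erasure and prove that the erasure happened. And `erase` returns the registered copy locations rather than pretending deletion is complete: an RTBF request is only honored once every copy the lineage metadata knows about has been purged as well, which is why principle 1 (auditing) and the copy tracking in the description above are prerequisites for principle 5.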

The concept predates it, but Privacy by Design was written into law by the General Data Protection Regulation (GDPR), whose Article 25 ("Data protection by design and by default") has applied since May 2018. That legal backing is why it is now the foundation for how modern systems that handle personal data should be built.