Welcome to Scribd!

Privacy by Design Principles

Uploaded by

0% found this document useful (0 votes)

58 views3 pages

This document outlines privacy by design principles for new and changing processing systems and activities at an organization. It discusses responsibilities for ensuring privacy by design, including assigning the Management System Owner to oversee compliance and the Data Protection Officer to review the principles. It also details procedures for limiting personal data collection and processing, maintaining data accuracy, minimizing personal data storage, and approving privacy by design documentation.

Original Description:

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

58 views3 pages

Privacy by Design Principles

Uploaded by

Bay

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 3

Search inside document

Privacy by Design Principles

DocumentKits Issue No: 1.0 Organisation Issue No:

DocumentKits Issue Date: 26/06/2020 Organisation Issue Date:

1. Scope

All new and changing processing systems and activities are subject to these principles.

2. Responsibilities

Management System Owner (MSO) is responsible for ensuring that all new processing systems and activities
are designed in accordance with these principles.

Each Process Owner is responsible for ensuring that the design is implemented.

Data Protection Officer is responsible for reviewing these principles and confirming that they meet the
standards mandated

3. Procedure

3.1 The process design procedure is described

3.2 Process designs are documented

3.3 Process designs consider all the following principles both individually and in combination .

Limit collection

3.4 This principle also applies to indirect and incidental collection of personally identifiable information (PII)
(e.g. through logs, cookies, etc.).

3.4.1 The process is designed to require only the minimum PII necessary to fulfil the purpose of the
processing.

3.5 For each process, identify:

G42
Classification_1,Classification_2,Classification_3,Classification_4
This document contains material that is distributed under licence from IT Governance Publishing Ltd.
3.5.1 What information is adequate for the purpose of the processing?
3.5.2 What information is relevant to the purpose of the processing?
3.5.3 What information is necessary for the purpose of the processing?

3.6 Where PII for the processing is optional, or the purpose has optional extensions, the process should
default to only collect the minimum.

3.7 Collection of PII should also account for new information generated by processing activities, including
temporary files.

Limit processing

3.8 Processing activities are limited to that necessary to fulfil the purpose of the processing.

3.9 Process Owner's should note that processing activities also include:
3.9.1 Disclosure;
3.9.2 Storage; and
3.9.3 Access.

3.10 Process Owner's review their processing activities to confirm that processing is limited.

Maintain accuracy and quality

3.11 G42 ensures that PII used in processing activities is as accurate, complete and up to date as is necessary
for the purpose of the processing, and that this is maintained throughout the lifecycle of the PII.

3.12 PII principals are able to actively rectify the PII held by G42 through

3.13 When PII is collected directly from the PII principal, G42

3.14 When PII is collected from another source, G42

3.15 Process Owner identifies a review period for the processing activity to reassess and/or validate the
accuracy of the PII. This is recorded

Minimise PII

3.16 Process Owner's identify how and when PII can be limited relative to the purposes of the processing,
including when the PII is no longer necessary for the purposes for which it was collected.

3.17 Process Owner's document the extent to which the processing activity requires the PII to be associated
with the PII principal.

3.18 G42 minimises the PII it holds through the following methods:

3.18.1

3.18.2

3.18.3

3.19

Document owner and approval

The Management System Owner (MSO) is the owner of this document and is responsible for ensuring that it
is reviewed in line with the requirements of the management system.

The current version of this document is available to and is published

Its approval status can be viewed in the Master List of Document Approval.

G42
Classification_1,Classification_2,Classification_3,Classification_4
This document contains material that is distributed under licence from IT Governance Publishing Ltd.

Data Privacy: A runbook for engineers
From Everand
Data Privacy: A runbook for engineers
Nishant Bhajaria
No ratings yet
Incident Management Process Guide For Information Technology
From Everand
Incident Management Process Guide For Information Technology
Carlo Figliomeni B.B.M.
No ratings yet
Processing Contracts Procedure
Document3 pages
Processing Contracts Procedure
Bay
No ratings yet
Transmission of PII Procedure
Document2 pages
Transmission of PII Procedure
Bay
No ratings yet
Obligations To PII Principals Procedure
Document2 pages
Obligations To PII Principals Procedure
Bay
No ratings yet
04 - Isms Scope Document
Document2 pages
04 - Isms Scope Document
Cyber Punk
No ratings yet
GDPR's Requirements With: How IT Security Solutions Can Help Meet The
Document19 pages
GDPR's Requirements With: How IT Security Solutions Can Help Meet The
Dragos Coman
No ratings yet
Cnil Pia 1 en Methodology
Document13 pages
Cnil Pia 1 en Methodology
Madlen Ana
No ratings yet
Business System Planning
Document25 pages
Business System Planning
Santosh Adhikari
No ratings yet
HCL GDPR Compliance White Paper
Document12 pages
HCL GDPR Compliance White Paper
Prashanth Nagaraj
No ratings yet
Data Protection Impact Assessment Procedure (Tier 2)
Document5 pages
Data Protection Impact Assessment Procedure (Tier 2)
Chandrashekar M
No ratings yet
SAD Chapter Three
Document41 pages
SAD Chapter Three
Solomon Melese
No ratings yet
Defradar - Supplier GDPR Assessment Procedure
Document6 pages
Defradar - Supplier GDPR Assessment Procedure
Jakobović Domagoj
No ratings yet
Asia Pacific University of Technology & Innovation
Document33 pages
Asia Pacific University of Technology & Innovation
Abubaker Baffik Kigenyi
No ratings yet
Chapter 3:system Analysis and Design
Document10 pages
Chapter 3:system Analysis and Design
Joseph Mghenja
No ratings yet
Gym Management System
Document54 pages
Gym Management System
vickram jain
No ratings yet
Access Control and Physical Security Policy Template v1.0
Document10 pages
Access Control and Physical Security Policy Template v1.0
rsgrthyjh
No ratings yet
Data Protection Impact Assessment
Document6 pages
Data Protection Impact Assessment
Spit Fire
No ratings yet
Cipl-Idp White Paper On Top Priorities For Public and Private Organizations To Effectively Implement The LGPD 1 September 2020
Document28 pages
Cipl-Idp White Paper On Top Priorities For Public and Private Organizations To Effectively Implement The LGPD 1 September 2020
Ana Clara de Roure
No ratings yet
71579iasb57608 Sia 520
Document14 pages
71579iasb57608 Sia 520
mayavannan
No ratings yet
CP-139 - Corporate Data Management - CoP
Document22 pages
CP-139 - Corporate Data Management - CoP
cgnanapon
No ratings yet
Logfile Retention Policy
Document3 pages
Logfile Retention Policy
Sopor
No ratings yet
Data Protection Impact Assessment Policy
Document29 pages
Data Protection Impact Assessment Policy
Check
No ratings yet
MGTproject
Document12 pages
MGTproject
Prathmesh Pawar
No ratings yet
Data Warehouse System
Document10 pages
Data Warehouse System
sheth onyango
No ratings yet
Report
Document8 pages
Report
Rashnil Dhanotia
No ratings yet
Chapter 13
Document1 page
Chapter 13
dfgsdjgjn sdgjnsdnj
No ratings yet
GNTMASTERMINDS
Document39 pages
GNTMASTERMINDS
Prabha Govindasamy
No ratings yet
Does GDPR Article 30 Require A Data Inventory?
Document6 pages
Does GDPR Article 30 Require A Data Inventory?
Marco Stissi
No ratings yet
Gym Management System
Document50 pages
Gym Management System
NG COMPUTER
No ratings yet
Risk Assessment & Data Protection Impact Assessment: Guide
Document60 pages
Risk Assessment & Data Protection Impact Assessment: Guide
max
No ratings yet
Management Information System MIS
Document5 pages
Management Information System MIS
Syeda hudaibiya
No ratings yet
Unit 3 Architecting The Data: Structure
Document30 pages
Unit 3 Architecting The Data: Structure
gaardi
No ratings yet
Project Report On Gym Management System
Document57 pages
Project Report On Gym Management System
Govind Singh Parihar
60% (5)
Project Report On Gym Management System
Document113 pages
Project Report On Gym Management System
Jageshawar
No ratings yet
Nitesh Project Document Format Structure
Document114 pages
Nitesh Project Document Format Structure
Siddhesh S. Bhargude
No ratings yet
BSI Standard 100-2 e PDF PDF
Document93 pages
BSI Standard 100-2 e PDF PDF
seiffg
No ratings yet
GDPR CIS White Paper
Document8 pages
GDPR CIS White Paper
Simone Giorgi
No ratings yet
Cai Data Protection Policy
Document18 pages
Cai Data Protection Policy
api-290692023
100% (1)
Management Information System
Document10 pages
Management Information System
Tinsaenesh Tilahun
No ratings yet
OneTrust GDPR ComplianceChecklist DIGITAL
Document7 pages
OneTrust GDPR ComplianceChecklist DIGITAL
Heberlucas Oliveira
No ratings yet
IT1106 - Information Systems Syllabus - Final
Document4 pages
IT1106 - Information Systems Syllabus - Final
isuru malinda
No ratings yet
GDPR Project Plan EN
Document7 pages
GDPR Project Plan EN
Nipun Mistry
No ratings yet
MCQ On Management Information System Ans PDF
Document20 pages
MCQ On Management Information System Ans PDF
Susmita Biswas
90% (10)
Software Requirements Specification Placementify: Version 1.0 Approved
Document27 pages
Software Requirements Specification Placementify: Version 1.0 Approved
onkar pandole
No ratings yet
Software Requirements Specification Placementify: Version 1.0 Approved
Document27 pages
Software Requirements Specification Placementify: Version 1.0 Approved
onkar pandole
No ratings yet
Software Requirements Specification Placementify: Version 1.0 Approved
Document27 pages
Software Requirements Specification Placementify: Version 1.0 Approved
onkar pandole
No ratings yet
Sales & Customer Tracking System
Document3 pages
Sales & Customer Tracking System
krishnithyan
No ratings yet
ISO27000 2018 Glossary
Document11 pages
ISO27000 2018 Glossary
sh3ll.sh4d0w
No ratings yet
ISC2 - GDPR - Framework For Success
Document1 page
ISC2 - GDPR - Framework For Success
Manju Devaraj
No ratings yet
National Data Management Office (NDMO) of Saudi Arabia - BigID Capabilities Mapped To Specification
Document10 pages
National Data Management Office (NDMO) of Saudi Arabia - BigID Capabilities Mapped To Specification
Shivendra Rai
No ratings yet
Access Control Policy
Document8 pages
Access Control Policy
Revive Revival
No ratings yet
BSI Standard 100-2
Document93 pages
BSI Standard 100-2
Carlo Cafiero
No ratings yet
Assignment 4: Creating The Logical Architecture
Document20 pages
Assignment 4: Creating The Logical Architecture
api-651266391
No ratings yet
Audit Sistem Informasi Manajemen Aset Berdasarkan Perspektif Proses Bisnis Internal Balanced Scorecard Dan Standar Cobit 4.1
Document8 pages
Audit Sistem Informasi Manajemen Aset Berdasarkan Perspektif Proses Bisnis Internal Balanced Scorecard Dan Standar Cobit 4.1
Roro Asri Ismaya
No ratings yet
Struct Doc Gov Serv
Document7 pages
Struct Doc Gov Serv
Yefferson Gomez
No ratings yet
Information Security Management System Policies - V8
Document32 pages
Information Security Management System Policies - V8
Sekar Krish
No ratings yet
Procurement Process Analysis Using Process Mining in Cement Manufacturing Company (Case Study PT. Semen Indonesia Persero, TBK)
Document6 pages
Procurement Process Analysis Using Process Mining in Cement Manufacturing Company (Case Study PT. Semen Indonesia Persero, TBK)
alma millania
No ratings yet
Project Report On Gym Management System
Document175 pages
Project Report On Gym Management System
Brightkofi Otchere
No ratings yet
Healthy Living Pte. Ltd. (HL) Is One of The Leading Nutrition, Health and Wellness Multinational
Document9 pages
Healthy Living Pte. Ltd. (HL) Is One of The Leading Nutrition, Health and Wellness Multinational
Anu Shrestha
No ratings yet
Top Left Text Top Right Text
Document50 pages
Top Left Text Top Right Text
Bay
No ratings yet
Gartner - How To Build Advanced KRIs That Influence Business Decision Making
Document28 pages
Gartner - How To Build Advanced KRIs That Influence Business Decision Making
Bay
No ratings yet
GRC Tool - RFP Document - 8 March 2019
Document65 pages
GRC Tool - RFP Document - 8 March 2019
Bay
No ratings yet
Schedule 23 - SERVICE PERFORMANCE MANAGEMENT
Document15 pages
Schedule 23 - SERVICE PERFORMANCE MANAGEMENT
Bay
No ratings yet
Vebuka SMS-DOC-084-7 Capacity Plan
Document12 pages
Vebuka SMS-DOC-084-7 Capacity Plan
Bay
No ratings yet
Contents List
Document1 page
Contents List
Bay
No ratings yet
Risk Analysis and Evaluation Toolkit
Document338 pages
Risk Analysis and Evaluation Toolkit
Bay
100% (2)
Vebuka SMS-DOC-085-2 Change Management Process
Document30 pages
Vebuka SMS-DOC-085-2 Change Management Process
Bay
No ratings yet
ISMS-FORM-06-3 Scenario-Based RAT Tool
Document20 pages
ISMS-FORM-06-3 Scenario-Based RAT Tool
Bay
No ratings yet
Oath of Undertaking
Document1 page
Oath of Undertaking
Rose Mae Lambanecio
88% (8)
UAV Flight Log
Document9 pages
UAV Flight Log
Ary R
No ratings yet
Judge Jim Crockett Blasts The County Coroner's Office
Document18 pages
Judge Jim Crockett Blasts The County Coroner's Office
Las Vegas Review-Journal
No ratings yet
Code of Conduct and Ethics PDF
Document44 pages
Code of Conduct and Ethics PDF
Ananiya Shaikh
No ratings yet
Bayanan 2
Document63 pages
Bayanan 2
Angelika Calingasan
No ratings yet
Ex Post Facto Law
Document18 pages
Ex Post Facto Law
Jomar Ababa Denila
No ratings yet
Department of Labor and Employment: Republic of The Philippines
Document76 pages
Department of Labor and Employment: Republic of The Philippines
Paolo Gonzalez
No ratings yet
General Terms and Conditi Ons of The "World of Winners" Ticket Offers Campaign
Document5 pages
General Terms and Conditi Ons of The "World of Winners" Ticket Offers Campaign
apolbus
No ratings yet
LSP1 - Online - Safety - UK - Text
Document2 pages
LSP1 - Online - Safety - UK - Text
Filip Tim Stafylas
No ratings yet
Marital Rape Footnotes
Document5 pages
Marital Rape Footnotes
Priyadarshan Nair
No ratings yet
RT The Way We Work en
Document17 pages
RT The Way We Work en
John Kalvin
No ratings yet
An Analysis On Consensual Amorous Relationships Between Faculty and Students
Document8 pages
An Analysis On Consensual Amorous Relationships Between Faculty and Students
Pamela Denise
No ratings yet
74.SocialQ&a An Online Social Network Based Question and Answer System
Document5 pages
74.SocialQ&a An Online Social Network Based Question and Answer System
Srinivas Nandikanti
No ratings yet
Statement of Mark Kentwell 29.03.2023 (Website)
Document3 pages
Statement of Mark Kentwell 29.03.2023 (Website)
Simon McCarthy
No ratings yet
What Is A Digital Signature
Document11 pages
What Is A Digital Signature
Mohit
No ratings yet
כג
Document12 pages
כג
api-3718604
No ratings yet
Medical Development PowerPoint Template
Document16 pages
Medical Development PowerPoint Template
sugam
No ratings yet
ChatGPT and The Future of Work
Document24 pages
ChatGPT and The Future of Work
Anup
100% (1)
Marital Rape in India
Document10 pages
Marital Rape in India
Abubakar Mokarim
0% (1)
Societal Impact - Hots
Document6 pages
Societal Impact - Hots
rizwana fathima
No ratings yet
Right To Privacy in India PDF
Document12 pages
Right To Privacy in India PDF
Manwinder Singh Gill
No ratings yet
Letter of Required Support Form en
Document3 pages
Letter of Required Support Form en
Jamal
No ratings yet
CKYC Annexure - Current Account Opening
Document2 pages
CKYC Annexure - Current Account Opening
Deepankar Singh
No ratings yet
Chapter 4 Managing Marketing Information To Gain Customer Insights
Document43 pages
Chapter 4 Managing Marketing Information To Gain Customer Insights
Premtim Berisha
No ratings yet
A Beginners Guide To Data and Analytics
Document22 pages
A Beginners Guide To Data and Analytics
Plush Otcovski
100% (1)
Home and Community Support CHCHCS001 Provide Home and Community Support Services
Document31 pages
Home and Community Support CHCHCS001 Provide Home and Community Support Services
kul1990
100% (1)
Fave Hotel Semarang Mr. Andreas & Mr. Bambang PDF
Document2 pages
Fave Hotel Semarang Mr. Andreas & Mr. Bambang PDF
Dani Indra Kumara
No ratings yet
iVMS-4200 Client: User Manual
Document100 pages
iVMS-4200 Client: User Manual
Armado Diaz
No ratings yet
AV Policy Guidance PDF
Document116 pages
AV Policy Guidance PDF
TechCrunch
100% (1)
SLU Data Privacy Policy Consent Form
Document6 pages
SLU Data Privacy Policy Consent Form
Budong Bernal
No ratings yet