Integrating Privacy Compliance and Privacy by Design

Patrick Oh
DataFrens.sg
May 8, 2022

Privacy by Design is an approach to developing new applications or systems in which privacy is incorporated by default. It means your application is designed with privacy as a priority, along with whatever functions the application or system serves.

Integrating Privacy Compliance and Privacy by Design (CPbD), on the other hand, is about integrating legal compliance obligations with Privacy by Design, resulting in a robust application that ensures legal compliance while ensuring privacy. In short, it takes the compliance consideration off the user’s mind so that they can focus more on increasing their productivity and marketing.

As there are many articles on Privacy by Design, I will not parrot that information and will jump right into the CPbD approach in this article. The objective is to allow solution designers and developers to understand this approach and integrate it into their design and development. They can also use this approach to improve existing applications they have developed, which will add considerable value to those applications.

So let’s get started!

Think through whether your application collects personal data; if it does, you need to use CPbD. In this explanation, I will use the Singapore PDPA 11 Obligations as the basis for the compliance considerations and, as mentioned, I will not discuss Privacy by Design much, because you can simply read about the 7 Principles by searching for them on Google.

In any data flow, you have the following processes to consider:

  • Collection of data
  • Storage of data
  • Use of data (functions) and disclosure of data to other organisations outside your organisation
  • Retention and Disposal

[Diagram by Patrick Oh]

In the diagram above, you can see the various design considerations (indicated in RED text) to be developed and incorporated into the application or system. The left column shows all the legal obligations (PDPA Singapore), matched with the data flow processes.

The advantage of using CPbD, as you can see, is that it ensures the organisation complies with the privacy regulation by default in each of the processes. Required notifications need to be generated and everything is integrated, fulfilling compliance requirements while ensuring Privacy by Design.

Common applications or systems that will benefit from using CPbD are:

  • CRM: Customer Resource Management
  • ERP / HRM
  • Membership System
  • Events Booking System
  • Sales Funnel System

It will be great if more solution designers and developers understand the Privacy Law and Privacy by Design, and incorporate them into their application development, so that organisations can comply with the law while having assurance on the privacy and protection of the personal data they are processing, which is becoming very important these days.

Patrick Oh
DataFrens.sg

Patrick is a Singapore Certified Management Consultant providing PDPA consultancy, performance management, solutions design and community development.