LGPD is already a reality, and the entire digital market continues to undergo its transformation and adaptation.
With so many privacy regulations being sanctioned and coming into force, such as the GDPR, the CCPA and the LGPD (General Data Protection Law), one of their principles is "Privacy by Design".
With it, all companies that collect personal data such as email, name and phone number, among others, must be attentive to its guidelines and obligations. With the arrival of new laws, some terms begin to stand out, and one of them is Privacy by Design. Learn more in this post.
Privacy by Design is a concept that was developed in the 1990s by Dr. Ann Cavoukian, former Commissioner of Information and Privacy for the Province of Ontario. She observed the need for a mechanism to ensure user privacy.
The mechanism aims to ensure the end-to-end protection of data and privacy, from the conception of processing activities and business practices and throughout the data's entire lifecycle.
If you want to ensure the security and privacy of users through the Privacy by Design approach, a good starting point is to follow the 7 principles created by Dr. Cavoukian:
1. Proactive not Reactive – Anticipate and prevent privacy breaches. Don't wait for risks to materialize before taking action.
2. Privacy as the Default Setting – Strive to deliver the highest level of privacy automatically, ensuring that personal data is protected by default in any type of business, i.e., without the need for user configuration.
3. Privacy Embedded into Design – Privacy is an essential component of system functionality and not an optional add-on.
4. Full Functionality – Positive-sum, not zero-sum – Ensure that the protection of personal data aligns with the legitimate interests of those responsible for processing this information, and that it occurs from a positive, "win-win" perspective between the data subject and data processors.
5. End-to-End Security – Data protection must occur throughout the data lifecycle – collection, storage, processing, use, and disposal.
6. Visibility and Transparency – Provide a clear view of the data collected, along with the reasons for collection and with whom it is being shared. These can be verified by the data subject at any time.
7. Respect for Customer Privacy – Above all, respect the consumer's wishes. Implement mechanisms that protect their data, keeping them clearly and appropriately informed.
Seeking ways to comply with the General Data Protection Law, which came into effect in August 2020, is an ongoing necessity for many companies.
The fundamental principles of Privacy by Design are an excellent starting point, and many of them influenced the construction of the Internet Civil Rights Framework even before LGPD.
Article 6 of the law, for example, includes points such as purpose, necessity, transparency, and security that would not be new to those who already follow the principles of Privacy by Design.
Of course, the law encompasses other aspects not covered by PbD; however, for those who have not yet started planning for LGPD, it can be a good starting point.
The Data Protection Officer, or DPO, is a new position that emerged all over the globe with the new privacy regulations, and more recently with the LGPD. Although it already existed in other international legislation, such as the EU's GDPR, it is still new here, having arrived in 2020. Along with it comes the possibility of outsourcing, known as DPO as a Service (DPOaaS).