Companies already paid €2,720,000,000 in GDPR fines. Per our research, 80% of the sites have broken privacy controls.
One of the important trends of modern software development is privacy by design and privacy by default principles.
Privacy by design stands that organizations should consider data protection issues as part of the design and implementation of systems, services, products, and business practices.
The GDPR requires you to integrate data protection concerns into every aspect of your processing activities. This approach is data protection by design and by default.
In this article, we’ll be taking an in-depth look at the privacy by design principle and how to achieve it with simple steps.
I will talk about an open-source product our team develops called Databunker and how it can help.
Databunker is an open-source secure vault for customer records built with the privacy by design principle. This product brings compliance out of the box for any company implementing Databunker. Databunker can serve as a foundation for your privacy by design solution.
The following is a partial list of actions to make your business privacy by design compliant.
For GDPR compliance, your company should map every moment of the personal data lifecycle. The company must know what happens to personal data, why and if any external parties are involved. You need to identify all 3rd party services that have even access to the personal data including access to partial data.
Ensure that any data processor your company is using also implements appropriate technical and organizational measures for personal data security.
Consult with the lawyers at this step.
Consult with the lawyers at this step.
You need to minimize the personal data your business collects. A general rule for you is to keep personal data at minimal only required to perform the business and remove all unused data. You need to do it to comply with data minimization and storage limitation GDPR principles.
One of the results of this rule is that you need to remove personal data for expired trial customers of customers that left the company service.
Databunker can be used for secure personal data storage. Check this article for additional information: https://databunker.org/use-case/data-minimization/
GDPR stands on integrity and confidentiality as leading principles. These principles tell that appropriate security measures should be in place to protect personal data.
Although there are no explicit GDPR encryption requirements, the regulation does require you to enforce security measures and safeguards. The GDPR repeatedly highlights encryption and pseudonymization as “appropriate technical and organizational measures” of personal data security.
Databunker stores your customer’s personal data in an encrypted manner and builts a secure index to search for personal records. In addition Databunker supports session data encryption and storage.
Pseudonymisation is a perfect solution for cross-border personal data transfer. When saving a user object in Databunker you are getting a user token. This user token is a user’s pseudonymized identity. When performing a cross-border transfer, change user personal data with a user token generated by Databunker. Pseudonymisation helps with storing logs: https://www.freecodecamp.org/news/how-to-stay-gdpr-compliant-with-access-logs/
You can use our training for your personal. Use the following link: https://basebunker.com/
It is a key element of the GDPR’s risk-based approach and its focus on accountability, i.e. your ability to demonstrate how you are complying with its requirements.
Databunker can keep track of any operation with personal data.
Cross-border personal data transfer is an extremely important aspect of GDPR. Especially with the invalidation of the Privacy Shield Framework. This framework was used by 5,000 U.S. companies to conduct trans-Atlantic trade in compliance with EU data protection rules. The reason behind this decision is that the current level of protection given to personal data under US law cannot be considered to be the same provided by the European Union. This is largely due to US surveillance programs.
Today, you have a number of solutions to do the cross-border transfer.
There are several methods to make your logs privacy compliant. For example, using pseudonymization. Check the following article for additional information: https://www.freecodecamp.org/news/how-to-stay-gdpr-compliant-with-access-logs/