When designing our website, we sought expert advice on how to implement “PRIVACY BY DESIGN”, as it was our primary objective in presenting a website built to safeguard YOUR individual rights as outlined by the GDPR Principles.
The following 12 steps were defined and acted upon:
- We implemented data protection issues as part of the design and implementation of systems, services, products and business practices.
- We made data protection an essential component of the core functionality of our processing systems and services.
- We anticipate risks and privacy-invasive events before they occur, and take steps to prevent harm to individuals.
- We only process the personal data that we need for our purposes(s), and that we only use the data for those purposes.
- We ensure to the best of our ability that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
- We provide the appropriate communication channels where our members can dialogue with us.
- We adopt a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
- We provide individuals with tools so they can determine how we are using their personal data, and whether our policies are being properly enforced.
- We offer strong privacy defaults, user-friendly options and controls, and respect user preferences.
- We only use data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
- When we use other systems, services or products in our processing activities, we make sure that we only use those whose designers and manufacturers take data protection issues into account.
- We use privacy-enhancing technologies (PETs) to assist us in complying with our data protection by design obligations.
Rest assured, we are not perfect and have no doubt that we may have not taken certain aspects into account, not because we have ignored them but because they have slipped our radar. Tell us, this is the only way we can improve our service and commitment of trust to YOU.
At GDPR Registrar, Trust is Everything!
This article has not been revised since publication.
This post was created by ehgdrpdpo on March 3, 2019.