Privacy by Design
The GDPR introduces the concept of data protection or privacy by design.
We need to develop our everyday processes to incorporate the following considerations:
1. Data Protection Impact Assessment (DPIA) (see below) to assess and manage privacy risk, to be used at the earliest opportunity in a project design (and revisited periodically over the working life of a project). Remember this is a mandatory requirement for some higher risk activities (potentially carrying fines of up to €10 million if not done or done incorrectly)
2. DPIAs conducted on existing processes (periodically) to check that privacy risks are being properly managed
3. Regular privacy audits conducted by the Data Protection Officer (DPO). These audits will be reported to the Audit and Risk Committee (ARC)
4. All processes continually reviewed so that privacy concepts such as data minimisation are a constant consideration in day-to-day processing of personal data, i.e. the question should be constantly asked - am I processing the minimum amount of information required for the purpose? For example - if someone needs a list of students with special needs, do I need to include the reason for the special needs, or will the minimum of just the name (or even just the student number) suffice?
5. Remember data protection law only applies to data which is ‘Personal Data’ – i.e. it is possible to link the data to a living individual either directly or indirectly. It therefore follows that if you can reliably remove all identifiable elements of the data and truly anonymise it, then it is no longer ‘Personal Data’ and data protection laws do not apply. However, properly anonymising data is not always easy and is often much more than simply removing obvious identifiers (e.g. name). GDPR also introduces the concept of Pseudonymisation, which is where the identifiable data is separated from the core data and kept separately, but it is still possible to re-identify at some point. Although you have not truly anonymised the data (and therefore it is still Personal Data), the pseudonymised core data now has a lower risk associated with its processing. See full guidance on Anonymisation / Pseudonymisation for further details
6. Information security should be a constant consideration in both the design of systems/processes and our day-to-day processing activity - what is the most secure way of sending information?; who has access to this file/folder/system? Is personal data left out to be seen by unauthorised people? and so on...
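The following is an added worked example illustrating points 4 and 5 above; it is not code from the University or from this guidance, and the student records it uses are constructed. It shows data minimisation (keeping only the fields a purpose needs), pseudonymisation (splitting identifiers out into a separate lookup held under a key, so the core data can still be re-identified by whoever holds that lookup), and a simple check for why removing the name alone does not anonymise a dataset: a combination of other fields such as postcode and date of birth may still be unique to one person. The HMAC-based token and the field names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample records; these are not real students.
STUDENTS = [
    {"student_number": "S1001", "name": "Alice Example", "postcode": "AB1 2CD",
     "date_of_birth": "2001-03-04", "special_needs_reason": "dyslexia"},
    {"student_number": "S1002", "name": "Bob Sample", "postcode": "EF3 4GH",
     "date_of_birth": "2000-11-22", "special_needs_reason": "hearing impairment"},
    {"student_number": "S1003", "name": "Carol Demo", "postcode": "AB1 2CD",
     "date_of_birth": "1999-07-15", "special_needs_reason": None},
]

# Fields that directly or indirectly identify a person (assumed for the example).
IDENTIFIERS = ("student_number", "name", "postcode", "date_of_birth")


def minimise(records, fields):
    """Data minimisation: keep only the fields the stated purpose needs."""
    return [{f: r[f] for f in fields} for r in records]


def special_needs_list(records):
    """The purpose is 'which students have special needs'; the reason is not
    needed, so only the student number is returned."""
    return [r["student_number"] for r in records if r["special_needs_reason"] is not None]


def pseudonymise(records, key):
    """Split identifiers from core data.

    Returns (core, lookup): core holds a token in place of the identifying
    fields; lookup maps token -> identifiers and is meant to be stored
    separately under tighter access control. The token is an HMAC of the
    student number under a secret key, so the same key always yields the same
    token and nobody without the key can rebuild the mapping.
    """
    core, lookup = [], {}
    for r in records:
        token = hmac.new(key, r["student_number"].encode(), hashlib.sha256).hexdigest()[:16]
        lookup[token] = {f: r[f] for f in IDENTIFIERS}
        core.append({"token": token, **{k: v for k, v in r.items() if k not in IDENTIFIERS}})
    return core, lookup


def reidentify(core_record, lookup):
    """Rejoin a pseudonymised record with its identifiers. Only someone with the
    separately held lookup can do this, which is why the core data carries
    lower risk but is still Personal Data."""
    ident = lookup[core_record["token"]]
    return {**ident, **{k: v for k, v in core_record.items() if k != "token"}}


def singletons(records, quasi_fields):
    """Records whose combination of quasi-identifiers is unique in the set.
    Even with names removed, such records are likely to be re-identifiable, so
    the data is not truly anonymised."""
    combos = Counter(tuple(r[f] for f in quasi_fields) for r in records)
    return [r for r in records if combos[tuple(r[f] for f in quasi_fields)] == 1]


if __name__ == "__main__":
    print("Minimised list:", special_needs_list(STUDENTS))
    key = secrets.token_bytes(32)  # in practice, kept apart from the core data
    core, lookup = pseudonymise(STUDENTS, key)
    print("Core data (no direct identifiers):", core)
    print("Re-identified:", reidentify(core[0], lookup))
    # Dropping the name is not enough: postcode + date of birth is unique here.
    print("Still unique by postcode+DOB:", len(singletons(STUDENTS, ["postcode", "date_of_birth"])))
```

The `singletons` check is the practical reason the guidance says anonymisation is "often much more than simply removing obvious identifiers": in this sample every record remains unique on postcode plus date of birth, so a released dataset with names stripped would still be Personal Data.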