Internal, open access

Data Protection by Design

The GDPR requires us to think about data protection and privacy from the very start of any new use of personal data. For example when procuring a new piece of data hosting software, embarking on a new project or when making a significant change to how we handle personal data.

Data protection by design includes assessing the purposes for the data collection and use, the security measures that will protect it, the retention and deletion needs, and how it can be accessed. It also requires us to have measures in place to protect privacy from the offset, for example to have settings within an App defaulted to the least privacy intrusive allowing the user to choose if they wish to change them. For some higher risk activities a Data Protection Impact Assessment will be required. If you are embarking on any of the above activities you can find out if a DPIA is needed and what you will need to do here.

Things to do now

Contact IMPS

Page navigation

See also

 

Search Form

A-Z lists