Data Protection by Design
The GDPR requires us to think about data protection and privacy from the very start of any new use of personal data, for example when procuring a new piece of data hosting software, embarking on a new project, developing a new research project or making a significant change to how we handle personal data.
Data protection by design includes assessing the purposes for the data collection and use, the security measures that will protect it, the retention and deletion needs, and how it can be accessed. It also requires us to have measures in place to protect privacy from the outset, for example having settings within an app default to the least privacy-intrusive option, allowing the user to choose whether to change them. For some higher-risk activities a Data Protection Impact Assessment (DPIA) will be required. If you are embarking on any of the above activities you can find out if a DPIA is needed and what you will need to do here.
If what you are doing involves any request for a change involving IT, including but not limited to:
- a new service (cloud hosted, or on site)
- change to an existing service (even if it appears that the change is to another currently supported service)
- use of any new software
then please see here for further information.