Privacy by Design

Alain Bensoussan

The Privacy by Design (PbD) principle means that privacy and data protection are embedded throughout the entire life cycle of technologies, from the early design stage to their deployment, use and ultimate disposal. This in particular means that the protection of data must be at the heart of a company’s internal processes.

Adopting a PbD approach is a very visible trend in international groups and this trend is expected to grow significantly.

Privacy by Design can serve as a new tool to help companies stand out among their competitors and be a further mark of quality and trust for clients.

It will become pervasive, to the extent that it is in line with the spirit of the draft EU General Data Protection Regulation that is expected to amend Data Protection Directive 95/46/EC. The European Commission is indeed planning to make the Privacy by Design approach compulsory and proposes to adopt Privacy by Design for all products, services and systems involving personal data.

With a Privacy by Design policy, companies can make sure that their processing of personal data is consistent with the data protection legislation; it is therefore a tool for legal risk management.

The first step in setting up a Privacy by Design policy is to work out a methodology that will reflect it in technological projects. Next, an in-depth analysis of the processing concerned needs to be conducted. Based on the findings of the analysis, the company will be able to draft specifications, to be used for the building of the application, containing accurate features of the application. In this way, it will be easy to put the processing in line with the provisions of the applicable law (the company will have complete visibility on the categories of data, the origin of the data, the retention period of the data…).