chapter 7 Flashcards
what are the 7 DPbD Principles
proactive and preventive
data protection by default
end to end security
data minimisation
user centricity
transparency
risk minimisation
what is the DPbD Principles: Proactive and Preventive
DPbD approach is characterized by proactive
rather than reactive measures
* It anticipates and prevents personal data invasive
incidents
* It comes before-the-fact, not after.
DPbD begins with recognising the value of
proactively adopting data protection practices
* Assess, identify, manage and prevent any data
protection risks before data breaches occur
* Good design and data management practices
what is the DPbD Principles: Data Protection by Default
DPbD ensures that personal data are
automatically protected in any given system or
process
* If an individual does nothing, their personal data is
protected
* No action is required on the part of the individual.
Data protection measures must be
* Integrated into processes and features of the systems
* Automatically provided as default settings.
what is DPbD Principles: End-to-end Security
Data protection measures must be embedded
into the entire SDLC
* From the point that personal data is collected until it is
purged from the system
* Applied security must assure the confidentiality,
integrity and availability of personal data.
Personal data must be continuously protected
across the entire domain and throughout the life-
cycle of the data, including
* Across the entire business and 3rd party organisations
* Across the entire IT system eco-system.
what is DPbD Principles: Data Minimisation
Data minimisation means to strictly collect, store
and use personal data that is relevant and
necessary
* Direct way to limit personal data leakage
* Do not “collect first and think of what to do with it later”.
Key actions include
* Assess for data minimisation throughout the data
lifecycle – map data to specific purpose
* Create a Data Retention Schedule suitable that is the
business.
what is DPbD Principles: User Centricity
Systems and processes should be developed
with the interest of the individuals in mind.
Empowering individuals to play active role in
managing their own data may be the single most
effective check against abuse and misuse
* Consent – specific consent for the collection, use or
disclosure of personal information
* Access – personal information is accurate and
complete, provide access to review and have it
amended.
what is DPbD Principles: Transparency
Transparency and visibility are essential to
establishing accountability and trust.
Key actions include
* Take an active role in informing individuals on what
personal data is collected from them and how it is
being used, as well as if there are any third parties
involved in processing their personal data
* Identify and use appropriate means to provide such
information
what is DPbD Principles: Risk Minimisation
An important aspect of DPbD is,
* to prevent or reduce the likelihood of adverse incidents,
or
* to reduce the impact of adverse incidents that do occur.
Key actions include
* Systematically identify and mitigate data protection risk,
as much and as early as possible
* Designing and implementing the right processes and
relevant data protection measures when processing
personal data
* Monitor the effectiveness of risk minimisation measures
what are the DPbD Activities in Systems Development Life Cycle
Requirements
Design
Development
Testing
Deployment
Maintenance
similarities between waterfall and agile methodologies
–> Similar goals, which are to produce high-quality
systems
–> Same activities, from collecting requirements,
to designing, developing, testing, and deploying
differences between waterfalls and agile methodologies
- Waterfall is a linear approach and divides a
project into phases - Agile is an iterative approach that separates a
project into sprints
which methodologies are DPBD activities relevant in ?
waterfall
agile
why implement dpbd features from the start
less cost
more flexibility.
what are the 3 steps in redesigning systems for DPBD
rethink
redesign
revive
what does rethink mean ?
- Identify business and personal data protection
requirements against existing system business - Evaluate existing system privacy controls
against DPbD Principles
