
Audit model: Checklist privacy by design & by default (source: ICO)

ICO
Privacy by design & by default checklist from the ICO, the UK Data Protection Authority.

1. Taking into account data protection issues

1.1. We consider data protection issues in the design and implementation of systems, services, products and business practices.

2. Data minimization

2.1. We only process the personal data we need for our purposes, and we only use the data for those purposes.

3. Essential nature of data protection in the functionality

3.1. We make data protection an essential component of the basic functionality of our processing systems and services.

4. Anticipation of privacy risks and events

4.1. We anticipate privacy risks and events before they occur, and take steps to prevent harm to individuals.

5. Automatic nature of personal data protection

5.1. We ensure that personal data is automatically protected in any computer system, service, product and/or business practice, so that individuals do not have to take specific steps to protect their privacy.

6. Provision of the identity and contact information of responsible persons

6.1. We provide the identity and contact information of the persons responsible for data protection both within our organization and to individuals.

7. Clarity and understanding of what is done with personal data

7.1. We adopt a "plain language" policy for all public documents so that individuals can easily understand what we do with their personal data.

8. Provision of control tools to individuals

8.1. We provide individuals with tools to determine how we use their personal data and whether our policies are being properly applied.

9. Default values for privacy, control and preferences

9.1. We provide strong privacy defaults, user-friendly options and controls, and respect user preferences.

10. Guarantees offered by subcontractors

10.1. We only use subcontractors who offer sufficient guarantees regarding their technical and organizational measures for data protection by design.

11. Warranties for other systems, services or products

11.1. When we use other systems, services or products in our processing activities, we ensure that we only use those whose designers and manufacturers take into account data protection issues.

12. Use of privacy-enhancing technologies

12.1. We use privacy-enhancing technologies (PETs) to help us comply with our data protection obligations by design.

Created at: 01/01/2023

Updated on: 07/29/2024

License: © Creative Commons: Attribution / No commercial use (CC-BY-NC)

Author: Dastro Naute


