search

guardian-framework / framework

An Opinionated Inductive Guidance Framework for Digital Transformation
https://guardian-framework.github.io/framework/
Other
7 stars 0 forks source link

Tillägg under Principles #8

Closed ejer02 closed 7 years ago

ejer02 commented 7 years ago

Privacy by Design In short, privacy by design means that each new service or business process that makes use of personal data must take the protection of such data into consideration. An organisation needs to be able to show that they have adequate security in place and that compliance is monitored. In practice this means that an IT department must take privacy into account during the whole life cycle of the system or process development.

Privacy by Default Privacy by Default simply means that the strictest privacy settings automatically apply once a customer acquires a new product or service. In other words, no manual change to the privacy settings should be required on the part of the user. There is also a temporal element to this principle, as personal information must by default only be kept for the amount of time necessary to provide the product or service.

Source: http://www.eudataprotectionregulation.com/data-protection-design-by-default

Det finns en hel del att förhållas sig till ovan begrepp i o m The European General Data Protection Regulation och mer detaljerad information kommer att läggas in.

larsbarkman commented 7 years ago

Bra principer!

Jag la till dom till sidan Principles, går med i nästa Pull Request.

Den här känns också relevant...

explicit consent

The European Data Protection Regulation introduces the requirement of ‘explicit consent’. This means that data controllers must be able to demonstrate that their customer has agreed to the processing of their personal data by a statement or a clear affirmative action. Also, the consent must be ‘informed consent’. This means that it must be clear to the customer what data will be processed, what the specific purpose of the processing is and who will have access to the data before the customer accepts or rejects the terms of service. It should be easy for the customer to understand the terms so it is important that you use clear and unambiguous language when informing your customers of the terms. In addition to providing consent, under the Regulation the customer can revoke this consent at any time and the revocation should be a straightforward and easy process.

http://www.eudataprotectionregulation.com/collecting-data

larsbarkman commented 7 years ago

Pull Request har gått iväg