Data protection by design and default means that whenever we start thinking about developing new systems, services, processes or ways of working that we think carefully about any personal information that we might be using. We make sure that personal information will be used appropriately and taken care of throughout the lifecycle.
Thinking about data protection and privacy is a key part of the design stage and should include:
minimising risks to individual privacy
avoiding unnecessary intrusion into individual’s lives and activities
making sure we only use the information we really need to do the job
clear information for people whose information is being used
providing people with choices about their information where possible
keeping the information secure
Keeping information secure includes technology like passwords, but also measures like locking paperwork away, or making sure doors with keypad entry aren’t propped open. It can mean having documents like contracts or Data Sharing Agreements to set out clearly how information will be used and managed. It also means ensuring that everyone who works with personal information understands their responsibilities.
There are lots of different tools that can be used to design data protection into ways of working. These include: