Do we care enough for privacy(privacy by design / default) as part of our business flows?
The reforms of the Personal Data Protection Law, which entered into force in 2016, will be carried out in line with the GDPR by the end of March 2022. The evaluations made by the Personal Data Protection Board also show that the concepts of privacy by design and privacy by default will be of great importance in the upcoming period. Below we present the checkpoints we have created for you to review in terms of your business processes:
☐ We definitely have the advice of a data protection expert to assist the process of designing and implementing of systems, services, products, and business practices.
☐ We consider data protection as an essential part of the core functionality of our processing systems and services.
☐ We have risk anticipation and privacy-invasive events scenarios and action plans in case of a data breach.
☐ We have precise, lawful purposes to process personal data. Also, purpose limited processing is also part of the process.
☐ IT systems, services, products, business practices that include personal data were designed privacy-sensitive so that individuals are not the ones to take any action instead of us.
☐ We have transparently made the identity and contact information of those responsible for data protection for both our organization and to individuals available.
☐ We have an easily comprehensible policy for any public documents about what we are doing with their personal data.
☐ We have tools for individuals to determine how we are using their personal data and enforce their rights under applicable data protection regulation.
☐ We offer user-friendly, strong, privacy by design/default, options, and controls and respect user preferences.
☐ We only sign with data processors that provide sufficient data protection levels in terms of technical and organizational measures for data protection by design.
See also; Open Banking Means New Revenue Streams for Financial Institutions
