Privacy by design: investing means profit

21-03-2019 10:23:59


The internet is under pressure. We attach more and more importance to our privacy, and personal data should be stored and processed safely. Corporate processes that handle personal data are rarely set up optimally. This is often because employees are told to handle personal data (more) carefully after the fact instead of beforehand. Errors and indifference are always a threat. That has to change. That is why it is important to take privacy into account from the very beginning of designing an information system: privacy by design. But what do you have to pay attention to with privacy by design? I will give you three tips in this blog:

1. Minimise data

The first tip may sound obvious: minimise data. Do not collect data that you will not eventually use; that is needless data. For every data collection process, check whether the data is actually necessary to provide your service or product. A striking example is a contact form on the website. Is there a field for the postal address or visiting address? Ask yourself whether this is really necessary, and whether you are actually going to approach your client at their postal address. The essence is this: data that you do not collect, you do not have to secure. And that means nothing can go wrong. It also saves time, and neither the data nor the person runs any unnecessary risk.

2. Pseudonymise data

It is quite simple: only collect data you truly need. But the necessary data should also be safe. To minimise the chance of damage, it is advisable to pseudonymise the collected data. When data is not used in its original form, it is wise to replace identifying data – like name, IP address and email address – with a code. That way you safeguard the identity of the person in question without losing individual data.

3. Delete unnecessary data

This tip might also seem obvious, but it is crucial nonetheless: only keep data while it is necessary to reach a goal. Personal data are collected and processed for a certain purpose. Once the purpose for which the personal data were processed no longer exists, delete the data. Think about data that has been collected for a campaign that has ended. It is wise to build systems that automatically delete such data in order to make the transition smoother.
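The three tips applied to contact-form submissions, as an added example that is not part of the original blog. The field names, the 90-day retention period, the demo key and the choice of HMAC-SHA256 as the "code" are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Assumptions for this example (none of these names come from the blog):
NEEDED_FIELDS = {"email", "ip", "message", "campaign", "collected_at"}
IDENTIFYING_FIELDS = {"email", "ip"}
RETENTION = timedelta(days=90)          # constructed retention period
SECRET_KEY = b"constructed-demo-key"    # in practice: load from a secret store


def pseudonymise(value: str, key: bytes = SECRET_KEY) -> str:
    """Replace an identifier with a keyed code (HMAC-SHA256).

    The same input always gives the same code, so records of one person
    stay linkable, but the code cannot be recomputed without the key.
    """
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def minimise(record: dict) -> dict:
    """Tip 1: keep only the fields the service actually needs."""
    return {k: v for k, v in record.items() if k in NEEDED_FIELDS}


def protect(record: dict) -> dict:
    """Tips 1 and 2: drop needless fields, then pseudonymise identifiers."""
    kept = minimise(record)
    return {k: pseudonymise(v) if k in IDENTIFYING_FIELDS else v
            for k, v in kept.items()}


def purge_expired(records: list, now: datetime) -> list:
    """Tip 3: delete records whose retention period has passed."""
    return [r for r in records if now - r["collected_at"] <= RETENTION]


# Constructed sample input: two submissions from the same fictional person.
NOW = datetime(2019, 3, 21, tzinfo=timezone.utc)
RAW = [
    {"name": "A. Example", "email": "A.Example@example.org", "ip": "192.0.2.10",
     "postal_address": "1 Sample Street", "message": "Call me", "campaign": "old",
     "collected_at": NOW - timedelta(days=200)},
    {"name": "A. Example", "email": "a.example@example.org", "ip": "192.0.2.10",
     "postal_address": "1 Sample Street", "message": "Quote?", "campaign": "new",
     "collected_at": NOW - timedelta(days=5)},
]
STORED = purge_expired([protect(r) for r in RAW], NOW)
```

A plain unkeyed hash would not be enough here, because email and IP addresses are easy to guess and re-hash; the key is what keeps the codes from being reversed, so it has to be stored separately from the data.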

Privacy by design might sound like a hip, needless term. But it generally comes down to setting up your processes in such a way that they automatically safeguard privacy. That means that there is no unnecessary data collection and that decreases the chance of errors drastically. And that is what we should all aim for. Then the internet will be a lot safer for all of us. And who does not want that?

Want to know more? Read the manifest and e-book:


By: Wido Potters