Data Protection by Design as a Service

Introduction

The GDPR protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data (GDPR Art 1.2).

Data protection by design is a legal requirement of the GDPR (Art 25). "...The controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, ..., which are designed to implement data-protection principles, ..., in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of the GDPR and protect the rights of data subjects."

"Data protection by design" (DPbD) should not be confused with "privacy by design" (PbD). Privacy by design is a context brought by former Information and Privacy Commissioner for the Canadian province of Ontario. Ann Cavoukian.

Data protection and privacy are closely related rights, but under EU law, they are two separate fundamental rights from the EU Charter of Fundamental Rights . Privacy by design is not a GDPR requirement. PbD will mainly assist at policy level.

Data protection by design may be daunting and that is why Bizoneo Professional Services assist organisations handle their data protection by design compliance requirements.

Why choose the Bizoneo Professional Services team?

  • Thirty years of experience handling data protection related projects
  • In-depth understanding of the requirements of the GDPR

Example of assistance

You are commissioning a website, our team can:

  • help refine the tender documents to ensure data protection and privacy is adequately covered
  • assist the interview panel to ensure that the web agency understands the requirements or that they are not misleading you
  • audit the vendor to ensure they are qualified
  • audit the work once completed. in addition, we have partners for penetration testing.

Who do we work with?

  • Software companies that want to ensure their solution will not jeopardise GDPR compliance.
  • Web platforms that want to ensure their websites don't break EU law.
  • Data protection officers that need assistance at compliance and/or technical levels 
  • Data controllers that want to ensure their processes comply with the GDPR
  • Data processors that want to ensure their processes comply with the data processing agreements signed with data controllers 

Sample process

  • We discuss the processing activities or the systems that needs to be assessed
  • We work with your business, technical team and data protection officer to help you document the compliance
  • You can follow the process in all transparency through the Bizoneo GDPR-GRC platform