
Privacy by Design: assessment and certification

Sylvia Kingsmill

Partner, National Leader, Digital Privacy and Compliance, Forensic Services

KPMG in Canada

Privacy by Design: assessment and certification

Regulators, business leaders, and technologists all agree – an organization's privacy efforts cannot be solely assured by compliance with regulations; privacy must become the default mode of an operation.

Privacy by Design: a risk management solution

Privacy by Design builds on the premise that privacy should be embedded into the design, operation, and management of IT systems, networks, and business practices in order to prevent privacy vulnerabilities and the potential for irreparable financial and reputational harm.

Originally developed by Dr. Ann Cavoukian, Privacy by Design is now law under the EU's General Data Protection Regulation (GDPR) and a globally recognized ISO standard (ISO 31700, Consumer Protection: Privacy by Design for Consumer Goods and Services).

Privacy by Design is structured around 7 Foundational Principles, which exist as a baseline for robust data protection.

  1. Proactive not Reactive: Privacy by Design anticipates risks and prevents privacy invasive events before they happen to build customer trust.
  2. Privacy as the Default Setting: Personal data should be automatically protected – no action is needed by the user to protect their privacy – it is built into the system.
  3. Privacy Embedded into Design: Privacy is embedded into the design and architecture of IT systems, and becomes part of the product, service or processes' core functionality.
  4. Positive Sum, Not Zero Sum: Privacy by Design avoids the false idea of trade-offs between privacy and security, showcasing that it is possible to have both.
  5. End-to-End Security: Privacy by Design embeds security into the system from the start, which works to ensure secure lifecycle management of information.
  6. Visibility and Transparency: Privacy by Design ensures operational execution aligns with policies. The end-user should know which data is collected, and for what purpose.
  7. Respect for User Privacy: Privacy by Design develops trust by choosing user-centric measures: strong privacy defaults, appropriate notice, and empowering, user-friendly options.

Compliance with Privacy by Design allows an organization to achieve a "defensible" position. A Privacy by Design Certification demonstrates an organization's proactive, risk-based approach to achieving compliance, earns customers' trust, and builds a true due-diligence defence in the event of a privacy breach, investigation and/or complaint.

Read more in our PDF guide.

© 2020 KPMG LLP, a Canada limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
