Privacy by Design Quiz

Questions and Answers

Which of the following is true about Privacy by Design?

• It involves choosing the way with the highest privacy impact when achieving business objectives
• It promotes privacy and data protection compliance from the start of a project (correct)
• It is only necessary to consider privacy aspects of a project after it has been completed
• It is optional under the GDPR

What is the purpose of the Privacy Impact Assessment (PIA) template?

• To avoid using unique identifiers
• To consider various privacy aspects of a project (correct)
• To collect personal data from a maximum number of individuals
• To use sensitive information for other purposes

What is the recommended approach for collecting personal data?

• Collecting personal data from the minimum necessary group of individuals (correct)
• Collecting personal data from a random group of individuals
• Collecting personal data from individuals who provide the most data
• Collecting personal data from all individuals

Flashcards

Privacy by Design

Building privacy and data protection into a project from the beginning.

Privacy Impact Assessment (PIA) template

A tool to evaluate privacy implications of a project.

Personal data collection

Gather only the necessary personal data.

Study Notes

Privacy By Design: Key Questions for Data Protection Compliance

• Privacy by design is an approach that promotes privacy and data protection compliance from the start of a project.
• It is mandatory under the GDPR, and involves choosing the way with the lowest privacy impact when achieving business objectives.
• The Privacy Impact Assessment (PIA) template should be used to consider various privacy aspects of a project.
• The purpose of the new system should be clearly defined to ensure that all data handling is proportionate to that purpose.
• Personal data should only be collected from the minimum necessary group of individuals.
• The system should be designed to collect only the minimum amount of data necessary to achieve the project's purpose.
• Sensitive information should only be collected if absolutely necessary and not used for any other purpose.
• Mandatory and optional fields should be distinguished, and free text fields avoided.
• Unique identifiers should be used instead of names or email addresses to make records easier to anonymize, share, and analyze.
• Access privileges should be segmented, and only those with a genuine need-to-know should have access to the information.
• The right to edit, delete, and download data should only be given to those who need it.
• The process for granting and removing access rights should be clearly defined.