+ INFORMATION

New Eip Logo
Events EIP Talent Student access
  • es_ES
  • en_GB

Share on social networks!

Treatment configurability

by
configurability of data processing

Configurable and non-configurable systems

When we talk about a “non-configurable” system or application, we refer to the fact that in its design and implementation fixed parameters are given that unalterably determine the way in which the treatment will be executed, either by having acquired a non-configurable implementation or by having been configured with fixed values. In these cases, we can say that functionality is found ““wired-in” or wired

In the event that the treatment was configurable, we understand that the system or application has been designed with a set of options suitable for modification by the person responsible or even by the user himself. An example of this would be the configuration for the collection of information stored in activity logs.

Configurability of data processing

Likewise, each configuration alternative It can be determined by a set of parameters, such as the configuration of the application's activity log, as well as some parameter to activate said log in a general way.

In this sense, at the time of implement parameters, some will be able to take any value, while others will only be able to take values of a limited range.

Likewise, with regard to the Default Data Protection, the person responsible for the treatment must be responsible for establishing the configurability requirements in each of its phases, based on the analysis carried out on it and the use cases that have been identified, transferring them to the design and implementation of the treatment. 

Configurability Features

The default configuration sets the habitual use of the service and the characteristics of the treatment in those cases in which the person responsible does not offer the user the possibility of personalizing it or, if it does offer it, the user does not make use of it.

The aforementioned configuration will be comprised of the set of pairs “parameter-value” preselected or preassigned in a system or application, which determine, in whole or in part, the way said system operates. This configurability has four characteristics:

  • He recognition of configurability requirements, integrated as part of the privacy requirements from the design of the treatment. They translate into the definition and choice of a set of configuration alternatives, understood as parameters that can be altered and their possible values, including the default value, which determines the behavior of the system or application. The identification of the configurable parameters is necessary.
  • Decide which of the configuration alternatives They are under the exclusive control of the person responsible and their limits.
  • In the event that the aforementioned alternatives, due to the nature of the treatment, are controlled by the user, it will be essential to establish which of them are taken into account and their limits.
  • Install if the elements ““off-the-shelf” necessary for the constitution of the treatment Meet the requirements of configurability and adapt its value. 

In short, the constitution of the configuration options and the assumptions of use must be considered input information in the risk analysis phase for the rights and freedoms of natural persons, in order to determine the way in which they could affect to the privacy of users the values assigned to the different parameters, as well as the possible effects of their subsequent alteration by them or the possible handling of third parties.

In this sense, it will be mandatory keep users informed of the consequences and risks settings in a clear and concise manner, so that they are given the option to make a decision regarding the impact on their privacy. 

The study of the processing of personal data is not simple, studying a Master in Data Protection, will give you the knowledge necessary to understand what a treatment is, how to configure it, how to manage it and thus guarantee that the security measures that are proposed will consider all the risks that affect said treatment.

Master in Compliance and Data Protection Management at the International Graduate School

 

Subscribe to our newsletter to stay up to date with all the news

Basic information on data protection.
Responsible for the treatment: Mainjobs Internacional Educativa y Tecnológica SAU
Purpose: Manage your subscription to the newsletter.
Legitimation for processing: Explicit consent of the interested party granted when requesting registration.
Transfer of data: No data will be transferred to third parties, except under legal obligation.
Rights: You may exercise the rights of Access, Rectification, Deletion, Opposition, Portability and, where applicable, Limitation, as explained in the additional information.
Additional information: You can consult additional and detailed information on Data Protection at https://www.mainfor.edu.es/politica-privacidad
Blog Master Dpo

Leave a comment

Members of 

Latin American Council Schools Admission Logo
Business School Logo
Euphe 1
Euphe 2

Recognitions

Qs Rating Horizontal 0
Qs Rating Horizontal 4
Qs Rating Horizontal 1
Qs Rating Horizontal 2
Qs Rating Horizontal 3
Qualificam Logo Footer

Educational partners

Harvard Negative (1)
Microsoft Academy (1)
Aws Academy Logo Footer
Cisco Networking Academy White
Wca Logo
Ausape Logo
Logo Compliant Professional Association White
Logo Aeca Footer
Buildingsmart Rgb Spain Chapter Member V2
Sage50 Cloud Logo Footer
Pmp Logo Footer
Global Suite Logo White
Minsoit Sap Svg
Nominasol Logo Footer
Cype Logo
Pvsyst Logo
Logo Capman Footer
Toeic Logo White
Python Institute Logo White
Its Logo White
Ccsp Badge
Cdpp
Cpcc
Legal warning Use of Cookies Privacy Policy Quality politics Complaint channel Registration Conditions join us

EIP Teatinos University Campus - Málaga - Spain

© EIP | International Business School 2010-2024

Trademark registered with the OEPM. No. 3,735,191