In recent years, large companies have begun to boast about guaranteeing the privacy of their users, about caring about it. Thus, reference is made to regulatory compliance as an added and differential value of the business.

But what does it mean that a company cares about privacy? What is sought when protecting privacy?

Fundamentally:

Guarantee that interested parties understand the use that is being made of their personal data and that they retain control over it at all times.
Prevent discriminatory and/or stigmatized treatment of people as a result of biased automated decisions.
Prevent invasive or incorrect treatments from occurring, in such a way that the rights and freedoms of people may be affected, causing them harm.
Guarantee the security dimensions of data, that is, its integrity, availability and confidentiality and the resilience of information systems.

We can say that it seeks to cover both the risks derived from unauthorized treatments and those that are authorized.

Guaranteeing privacy means ensuring compliance with the privacy goals: that interested parties have control over their data at all times (Control), that they understand the treatment (Transparency) and that the risk of unauthorized use of the data has been minimized by interconnecting the data with other data sets (Disengagement). As well as ensuring the protection of safety dimensions through the application of appropriate technical and organizational measures to guarantee a level of security appropriate to the risk of personal data processing. All of this, safeguarding the basic principles of treatment established in the General Data Protection Regulation.

It sounds very abstract, but it can be grounded. The work of a lawyer specialized in data protection, in collaboration with IT colleagues, will consist of specifying and implementing all these principles and requirements.

Currently, it is considered that There are eight privacy design strategies, which in turn can be classified into two categories: those oriented to data processing and those oriented to processes. Data-oriented strategies are associated with the objective of Decoupling and basically consist of minimize, abstract, separate and hide the data during its processing. On the other hand, process-oriented strategies are associated with Transparency, in a word: inform. And to Control: check the data, achieve with the regulations and demonstrate compliance.

Do you want to know more about these strategies?

There is a very good AEPD Guide “Privacy Guide by Design”.

Do you want to specialize in Compliance Management and data protection?

He Master in Compliance & Data Protection Management will make you a highly qualified professional with the necessary skills to carry out specialized tasks in two of the most relevant areas for both private businesses as for public administrations: data protection and regulatory compliance or Compliance.

Subscribe to our newsletter to stay up to date with all the news

Name and surname *

Email *

*I give my express consent and accept the Privacy Policy.

Basic information on data protection.
Responsible for the treatment: Mainjobs Internacional Educativa y Tecnológica SAU
Purpose: Manage your subscription to the newsletter.
Legitimation for processing: Explicit consent of the interested party granted when requesting registration.
Transfer of data: No data will be transferred to third parties, except under legal obligation.
Rights: You may exercise the rights of Access, Rectification, Deletion, Opposition, Portability and, where applicable, Limitation, as explained in the additional information.
Additional information: You can consult additional and detailed information on Data Protection at https://www.mainfor.edu.es/politica-privacidad