Q: What is “Privacy By Design”? How can I guarantee the security of software which I had no hand in creating?
A: Data Protection By Design is one of the cornerstones of the GDPR. It states that data security and personal privacy must be a consideration at every stage of processing.
In practical terms, this creates a new set of considerations for data controllers. As the question suggests, these considerations will include factors beyond the influence of the data controller – such as software systems and database management.
Obviously, the GDPR does not expect data controllers to develop their own in-house solutions to these problems. Instead, data controllers will now have to take extra care when selecting service providers, to ensure they are appropriate. While the security of individual software solutions is not the responsibility of the data controller, the decision on which service to use will be subject to data protection by design considerations.
Article 25, GDPR
eBoss has developed every one of our software services with data security and personal privacy as a top consideration. It is not the responsibility of the data controller to develop secure software solutions. But it is their responsibility to choose systems which are able to demonstrate compliance with the fundamental aspects of the GDPR.