Data Privacy - An Introduction

Data Privacy – An Introduction

Let’s talk about data privacy. Since 2018, when the EU passed the General Data Protection Regulation (GDPR), data privacy has been on everyone’s agenda. Whether you’re a large company or an SME, chances are you’ve spent both time and money (and blood, sweat, and tears?) improving your data security measures to the best of your abilities.

In this article, we aim to cover the seven principles of the Privacy by Design framework and present our own take on it.

Why care about data security?

The reason we all spend time and money on data security is twofold: we want to protect the users, be they clients, customers, vendors, or employees. And we want to protect ourselves from the massive fines that potential data security breaches may well result in.

One way to protect both groups from harm is by implementing data security measures. But adding security measures to existing processes is never ideal. That’s where Privacy by Design comes in.

Privacy by Design

One of the guiding principles of the GDPR is Privacy by Design (PbD), a framework in which organisations build their data processing practices around data security rather than applying it as a feature retroactively.

It’s really quite simple: rather than waiting for something bad to happen, then apologise (and pay a whopping big fine), and then (hopefully) fix it/the security issue, with PbD, you’re building a system that is already secure from the outset. Living up to the criteria of the PbD concept, you’ll have happier clients, customers, vendors, and employees – all by minimising the risk of a data leak that could cost you hundreds of thousands of euros.

7 core principles of Privacy by Design

The seven Privacy by Design principles promote a privacy-first, user-centric, and security-focused design:

Privacy is proactive

PbD is about building proactive measures rather than adding reactive measures. As a framework, PbD aims to assess, identify, manage, and prevent any data protection risks before any breach in data security even occurs.

Privacy is the default setting

An organisation’s data collection and use practices must respect the user and the user’s personal data by protecting it. The user’s consent is never a default setting, i.e. users must actively agree to the organisation’s data collection practices. Finally, the user’s data can only be used for whatever the user has consented to.

Privacy from start to finish

PbD dictates that users’ data must be kept secure until the data is no longer needed / in use. Then, the data must be destroyed. Data privacy measures must ensure the safety of users’ data during collection, use, and destruction.

Privacy is a plus-sum game

PbD shouldn’t take away from the final product or service. The aim is to add value to, not take away from the system that is being created. Basically, PbD should contribute to systems in such a way that 1+1 = 3, not 2.

Privacy + transparency = trust

Users must be informed of what personal data is collected from them and how it’s being used. PbD entails making sure that all stakeholders trust that whatever business practice or technology is involved, it’s operating according to the stated promises and objectives AND that it’s subject to independent verification.

Respect for user privacy

Implementing the PbD framework from a human-centred design perspective keeps the user and his or her privacy front and centre. Following PbD means offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options.

Privacy embedded into the design

Having privacy embedded into the design of your company’s systems or practices means keeping personal information protected throughout the lifecycle of its processing. Processing activities include collecting, storing, retaining, using, and ultimately disposing of personal information.

Exfluency’s take on Privacy by Design

Here at Exfluency™, we’ve talked about PbD and human-centred design since Day 1. Now, a couple of years down the road, it seems increasingly evident that PbD is not just a good idea; it’s a must for companies of all sizes that want to survive in a world that is increasingly being plagued by cybercrime.

Exfluency is, first and foremost, a language solutions partner. Via our unique blend of machine translation engines and subject matter experts, we deliver quality translation at speed – and at an incredibly competitive price point to boot!

We help our clients to communicate with millions of customers across the globe, and we do so without leveraging data for our own gain. Instead, we make sure that any data that enters the Exfluency system is as secure as our clients need it to be.

Anonymization

One of the key features of the Exfluency platform is our anonymization process. In a nutshell, we enable clients, Requesters, to upload everything from short email correspondences to full documents for translation. If the Requester wishes to anonymize the document/s, our algorithms do so at the click of a mouse.

Data anonymization: social security numbers, first and last names, and any other signifiers are automatically anonymized if the Requester wishes it.

An anonymized version of the document is created, and the original document is deleted from our system. Then, the anonymized file is machine translated and sent to trusted subject matter experts who proofread it and return it to the Requester.

All of the above is done without any confidential data leaving the Requester’s own servers. And to top it off, our system merges the original and the newly translated file, ensuring that the client never has to worry about version mix-ups.

Other measures

The list of measures we have in place at Exfluency (non-exhaustive, being documented):

Technical measures:

• Standard application environment with encryption
• User access control and authentication mechanism for subcontractors
• Double authentication for employees
• Data centres — in Germany, Europe
• Different access levels for different users (with detailed description of roles)

Organisational Measures:

• Team education procedure on privacy and data protection
• Protected physical access to company offices
• Laptop and other devices of the staff are protected (one device per user, Antivirus software, firewalls installed)
• Non-disclosure agreement signed with all subcontractors

So, as you can see, we’re doing our very best to create an environment where every user feels secure, be it our own Exfluencers, our clients, or the hundreds of subject matter experts that are currently contributing to the Exfluency platform.

More to come …

One of the guiding principles of the GDPR is Privacy by Design, a framework in which organisations build their data processing practices around data security rather than applying it as a feature retroactively.

In this article, we’ve covered the seven principles of the Privacy by Design framework and presented our own take on it – a system, the Exfluency platform, that has been built around data security from Day 1.

Stay tuned for more in-depth articles on anonymization, the legal basis for data collection and processing, purpose limitation of data use, and much more.