BS EN 17529:2022

$198.66

Data protection and privacy by design and by default

| Published By | Publication Date | Number of Pages |
|---|---|---|
| BSI | 2022 | 68 |

This document provides requirements for manufacturers and/or service providers to implement Data protection and Privacy by Design and by Default (DPbDD) early in the development of their products and services, i.e. before (or independently of) any specific application integration, to make sure that they are as privacy-ready as possible. The document will be applicable to all business sectors, including the security industry.

PDF Catalog

| PDF Pages | PDF Title |
|---|---|
| 10 | 1 Scope |
| | 2 Normative references |
| | 3 Terms, definitions and abbreviations |
| | 3.1 Terms and definitions |
| 11 | 3.2 Abbreviated terms |
| | 4 General |
| | 4.1 Preparing the grounds for data protection and privacy by design and by default |
| 12 | 4.2 Structure for disassembling product and service into applicable categories |
| | 4.2.1 Introduction |
| 13 | 4.2.2 Product perspectives |
| | 4.2.3 Service elements |
| 14 | 4.3 Self-declaration and levels of achievement |
| 16 | 5 Privacy-aware development of products and services |
| | 5.1 Leadership and market intelligence |
| 17 | 5.2 Preparation |
| | 5.3 Design |
| | 5.3.1 Determination of DPPbDD requirements |
| | 5.3.1.1 Basic design requirements |
| | 5.3.1.2 Enhanced design requirements when processing of personal data are included |
| 18 | 5.3.1.3 Impact driven design requirements |
| | 5.3.1.4 Specific branches or consumer related design requirements |
| | 5.3.2 Development |
| 19 | 5.3.3 Production and service provision |
| | 5.3.4 Release of products and services |
| | 5.4 Performance evaluation |
| | 5.5 Improvement |
| | 6 Data protection capability requirements on the design of products and services |
| | 6.1 Access |
| | 6.1.1 Access to data |
| 20 | 6.1.2 Copy of data |
| | 6.2 Accountability |
| 21 | 6.3 Accuracy |
| 22 | 6.4 Data de-identification |
| 23 | 6.5 Data minimization |
| 24 | 6.6 Data portability |
| 25 | 6.7 Confidentiality |
| 27 | 6.8 Erasure |
| 28 | 6.9 Consent and Children |
| | 6.9.1 Determination of user age |
| | 6.9.2 Configurable children age threshold |
| 29 | 6.10 Information security |
| | 6.10.1 Unauthorized or unlawful processing |
| 32 | 6.10.2 Data loss |
| 33 | 6.10.3 Information protection targets |
| | 6.10.4 Restore |
| 34 | 6.11 Lawfulness |
| | 6.11.1 Data disclosure |
| | 6.11.2 Consent |
| 35 | 6.12 Objection to processing |
| 36 | 6.13 Automated decision making |
| | 6.14 Restriction of processing |
| 37 | 6.15 Storage limitation |
| 38 | 6.16 Transparency |
| | 6.16.1 Information |
| 41 | 6.16.2 Record of processing activities |
| 42 | 7 Requirements to the self-declaration of privacy-aware design |
| | 7.1 Process requirements |
| | 7.1.1 Preparation based on the product perspective and service element requirements |
| | 7.1.2 Additional considerations related to DPIAs |
| | 7.1.3 Determination of the level of achievement |
| 43 | 7.2 Self-declaration statement |
| 45 | Annex A (informative) Applicability mapping between Clause 6 requirements and perspectives or elements |
| | A.1 General |
| 57 | Annex B (informative) Approach for a specification |
| | B.1 General |
| | B.2 Data Protection |
| | B.3 Privacy |
| 58 | B.4 Data protection and privacy by design |
| | B.5 Data protection and Privacy by default |
| 59 | Annex C (informative) Guidelines related to EN ISO 9001 |
| | C.1 General |
| | C.2 Context of the organization |
| | C.2.1 Understanding the organization and its context |
| | C.2.2 Understanding the needs and expectations of interested parties |
| | C.2.3 Determining the scope of the quality management system |
| | C.2.4 Quality management system and its processes |
| | C.3 Leadership |
| | C.3.1 Leadership and commitment |
| | C.3.2 Policy |
| 60 | C.3.3 Organizational roles, responsibilities and authorities |
| | C.4 Planning |
| | C.4.1 Actions to address risks and opportunities |
| | C.4.2 Quality objectives and planning to achieve them |
| | C.4.3 Planning of changes |
| | C.5 Support |
| | C.5.1 Resources |
| | C.5.2 Competence |
| | C.5.3 Awareness |
| | C.5.4 Communication |
| | C.5.5 Documented information |
| 61 | C.6 Operation |
| | C.6.1 Operational planning and control |
| | C.6.2 Requirements for products and services |
| | C.6.2.1 Customer communication |
| | C.6.2.2 Determining the requirements for products and services |
| | C.6.2.3 Review of the requirements for products and services |
| | C.6.2.4 Changes to requirements for products and services |
| | C.6.3 Design and development of products and services |
| | C.6.4 Control of externally provided processes, products and services |
| | C.6.5 Production and service provision |
| | C.6.5.1 Control of production and service provision |
| | C.6.5.2 Identification and traceability |
| 62 | C.6.5.3 Property belonging to customers or external providers |
| | C.6.5.4 Preservation |
| | C.6.5.5 Post-delivery activities |
| | C.6.5.6 Control of changes |
| | C.6.6 Release of products and services |
| | C.6.7 Control of nonconforming outputs |
| | C.7 Performance evaluation |
| | C.7.1 Monitoring, measurement, analysis and evaluation |
| | C.7.2 Internal audit |
| | C.7.3 Management review |
| | C.8 Improvement |
| | C.8.1 General |
| 63 | C.8.2 Nonconformity and corrective action |
| | C.8.3 Continual improvement |
| 64 | Annex ZA (informative) Relationship between this European Standard and the data protection by design and by default requirements of Regulation EU 2016/679 aimed to be covered |