Incorporating privacy by design into your software process can help to ensure you maintain compliance with upcoming certifications, as well as troubleshoot security and software issues.
Privacy by Design is an approach to software engineering and troubleshooting which takes privacy into account throughout the whole software development process. The concept is an example of value sensitive design, i.e., taking human values into account in a well-defined manner throughout the whole process, and may have been derived from it.
Privacy by Design is not about data protection but about designing so that data doesn't need protection. The root principle is therefore based on enabling a service without transferring data control from the citizen to the system (i.e., without the citizen becoming identifiable or recognizable).
One simple example is the Dynamic Host Configuration Protocol, where devices using random identifiers get an IP address from the server and are thus enabled to communicate without having leaked personal identifiers per se.
A more advanced example is the Global Positioning System, where client-side devices can determine their geographical location without leaking identity or location.
One approach was based on Kim Cameron's 7 "Laws of Identity", which were rephrased into 7 "foundational principles":
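To make the DHCP point concrete, here is an added simulation (not code from the original article) of a lease server that logs the client identifier behind every request: a device that reuses its fixed hardware address is linkable across every network join, while one that presents a fresh random identifier per join is not. The server model, the address pool and the hardware address are constructed for the illustration and simplify real DHCP.

```python
import secrets
from collections import defaultdict


class LeaseServer:
    """Minimal model of a DHCP-style server (constructed for illustration):
    one address per client identifier, plus a log of every request."""

    def __init__(self, pool):
        self.pool = list(pool)
        self.leases = {}   # client_id -> leased address
        self.log = []      # (client_id, address) for each request

    def request(self, client_id):
        addr = self.leases.get(client_id)
        if addr is None:
            if not self.pool:
                raise RuntimeError("address pool exhausted")
            addr = self.pool.pop(0)
            self.leases[client_id] = addr
        self.log.append((client_id, addr))
        return addr


def stable_client_id(hardware_addr):
    # Persistent identifier: the same value every time the device joins.
    return hardware_addr


def random_client_id():
    # Fresh identifier per join, unlinkable to the device (as with MAC
    # randomisation); the service still works, but nothing persistent leaks.
    return secrets.token_hex(6)


def linkable_identifiers(log):
    """Count identifiers seen in more than one request: each one lets the
    operator tie several sessions to the same device."""
    counts = defaultdict(int)
    for client_id, _ in log:
        counts[client_id] += 1
    return sum(1 for c in counts.values() if c > 1)


def simulate(joins, randomize):
    """Join the network `joins` times and report how many identifiers
    in the server log link sessions together (0 = unlinkable)."""
    server = LeaseServer(f"10.0.0.{i}" for i in range(10, 10 + joins))
    device = "aa:bb:cc:dd:ee:ff"  # constructed hardware address
    for _ in range(joins):
        cid = random_client_id() if randomize else stable_client_id(device)
        server.request(cid)
    return linkable_identifiers(server.log)
```

The trade-off the model makes visible is lease churn: every randomized join consumes a new address, which is the cost of the server never learning who came back.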
- Proactive not reactive; Preventative not remedial
- Privacy as the default setting
- Privacy embedded into design
- Full functionality – positive-sum, not zero-sum
- End-to-end security – full lifecycle protection
- Visibility and transparency – keep it open
- Respect for user privacy – keep it user-centric