Software development with Data Protection by Design and by Default (Datatilsynet)
7 activities in a continuous process
1- Training: ensure that everyone understands the need for, and the risks associated with, #dataprotection and security (DPS).
2- Requirements: define the measures needed to ensure DPS, the tolerance levels, and the need to assess security risks and data protection implications (DPIA).
3- Design: ensure that the requirements for DPS are reflected in the design, and identify design requirements. Design requirements:
a) Data-oriented: minimisation, hide and protect, separate, aggregate, DPbD
b) Process-oriented: inform, control, enforce, demonstrate
4- Coding: enable developers to write secure code by implementing the requirements for DPS: use approved tools and frameworks, disable unsafe functions and modules, and use static code analysis and code review.
5- Testing: testers check that the requirements for DPS defined in activities 2 and 3 were implemented, and verify that the requirements are met.
6- Release: an incident response plan should be established, and a full security review of the software should be carried out.
7- Maintenance: implement a plan to respond to incidents, data breaches, faults and attacks, and be capable of issuing updates, guidelines, and information to users and those affected by the software.
Link to the guidelines