Requirements Gathering and Analysis

  • Define privacy requirements [Mandatory] - Identify and document privacy requirements based on best practices, applicable laws and regulations. For example, Rwanda’s law on data protection and privacy requires institutions to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk posed to the data subject, including, where appropriate, storing sensitive personal data separately from other types of data, and applying measures such as tokenization, pseudonymization or encryption.
  • Define purpose of data collection [Mandatory] - Consider the types of personal data the software will collect, process, and store. Determine the purposes for which personal data will be used and ensure they align with user expectations and what is allowed by law.
  • Privacy impact assessment [Mandatory] - Conduct a privacy impact assessment (PIA) to evaluate potential privacy risks associated with the proposed new software.