11. Privacy by design and data protection impact assessments
We will ensure that an individual’s rights in relation to privacy and data protection are a key consideration in the formulation and early stages of production of any project, process or policy as well as seeking to integrate them into existing project management and risk management methodologies and policies. Privacy and data protection will remain relevant throughout the lifecycle of any project, process or policy.
Having regard to certain factors, including the nature, scope, context and purposes of processing and related costs, we will implement appropriate technical and organisational measures to ensure we have integrated privacy and data protection into our processing activities.
Carrying out data protection impact assessments can help identify the most effective way to comply with our data protection obligations and meet individuals’ expectations of privacy. Again having regard to the nature, scope, context and purposes of processing, where we are considering introducing a new technology or to carry out processing in either case which is likely to result in a high risk[1] to the rights and freedoms of individuals then we will carry out an impact assessment.