What is privacy by design?

Data protection is one of the key challenges at Spaycial. We have already covered the main regulatory texts in this area, PSD2 and GDPR. These new regulations are advancing at the same pace as the use of digital technology in the world, and particularly in Europe. Privacy by design is one of these new obligations, and it applies to how brands design their products and services. We explain what this concept is and how we apply it, with Nurgül Sivasli, our Data Protection Officer (DPO).

Definition and applications of privacy by design

It is one of the new principles introduced by the GDPR and is part of companies' compliance efforts and obligations. Every action a company takes must account for the protection of the shopper's personal data, starting from the conception of a product or service. This is an additional safeguard for the shopper who benefits from personalized offers based on payment data, such as those Spaycial can propose.

Under privacy by design, the DPO supports and advises the company so that data protection is integrated into all operational processes, and more particularly into the development processes of products and services, as early as possible: from the start of the project until the final design of the product. Thereafter, the DPO ensures that this protection cycle is maintained on a continuous basis.

Nurgül Sivaslı explains: "At Spaycial, before any launch of a new product or service, such as our 'Shopping scoring' service, as DPO I am consulted by the technical teams in order to ensure the lawfulness of the processing and in particular the choice of the legal basis: consent, contract or legitimate interest. Following the principle of 'privacy by design' allows us to anticipate the obligations of transparency and the rights of the users, especially since the education of the consumer is essential and represents the real challenge in the field of payment. Finally, the implementation of this principle ensures that only adequate, relevant and strictly necessary data is processed."

Privacy by design is accompanied by privacy by default. These principles are obviously illustrated by the integration of state-of-the-art security standards (RTS rules and strong authentication) and by the governance of personal data security in all our projects and decisions.

The 7 key principles of privacy by design

There are many core principles of privacy by design that, if followed, will make payment data protection compliance efforts a reality. Here are the 7 principles of privacy by design, as applied by payment data specialists.

  1. Adopt preventive and proactive measures, not just corrective ones. Prevention includes employee training and awareness.
  2. Offer products and services with a default privacy level.
  3. Integrate confidentiality and privacy features into the design process of each product and service, and anonymize data whenever possible.
  4. Make sure that privacy and security complement each other but do not cancel each other out: the two concepts must be complementary and explicitly differentiated.
  5. Provide the shopper with all the details they need about our compliance with the various regulations and its implementation: accessibility and transparency are key.
  6. Ensure end-to-end security: the privacy of shoppers whose data is collected is protected throughout the collection process, as well as during data storage using encryption techniques.
  7. Respect shoppers' privacy: the service must be shopper-centric.