The principle of Privacy by Design is one of the essential and strategic elements of the Telefónica Group and is set out in our internal regulations.
The concept of Privacy by Design implies the obligation of the entire organisation to establish, in the design of products and services, procedures that mainly take into account two aspects. In first place, the application of privacy protection measures from a legal and security point of view in the initial phases of any project. And in second place, that all business processes and practices involved in each activity or processing that may affect personal data are contemplated in this principle of Privacy by Design.
The Privacy by Design process defined by the Telefónica Group’s Global Data Protection Office includes at least the following activities:
The implementation of these processes in practice means always considering, when defining or developing any product or service, aspects such as: (i) what is the legitimacy that allows us to process your personal data, (ii) the guarantee that the data are secure and the most appropriate security measures are complied with according to the potential risks protecting their integrity and confidentiality, (iii) how you can be informed about how we process your personal data, (iv) the minimisation of data in the sense that they must be strictly necessary for the purposes of the processing, (v) the commitment to the rights of data subjects and (vi) the limitation of the storage period, among others.
All of these are summarised in the following principles governing data processing. Each of the principles is shown below together with a short explanation: