System Assessment Investigations

An organization is legally obliged to apply the principles of privacy by design and privacy by default in practice (see: list of AP points for attention). Financial supervision imposes no equivalent obligation, but it is practical to apply compliance by design and compliance by default all the same. Moreover, both the business compliance function and the business activities themselves are organized more effectively and more cost-efficiently when compliance/privacy by design and compliance/privacy by default are taken as the starting point rather than added afterwards.

Plan of action

What is commonly called privacy by design is referred to in the GDPR (Article 25 and Recital 78) as data protection by design and by default.

  • Focusing on the data subject: in accordance with the law, the focus is on the participation of the data subject in the processing of his or her personal data. Data protection by design and by default must therefore support the data subject's control over that personal data, which entails obligations on both sides.
  • Proof of effective operation: demonstrating, after the fact, that the control and security measures taken to comply with the law have operated effectively requires an administration in which that evidence is recorded conclusively. Alongside these structural control measures aimed at compliance, there is a series of measures in the field of compliance/privacy by design.
  • System assessment investigation: assessing systems for compliance by design and compliance by default (including the requirements arising from legislation aimed at protecting personal data). Such an assessment may concern existing information systems or IT services, system designs, programmes of requirements for systems, or systems that are being developed or implemented.

More information

Do you have any questions, or would you like to make an appointment? Feel free to contact us on +31 0 (70) 392 22 09 or