Data Privacy

Privacy Principles (OECD / GDPR)

| Principle | Description | Implementation |
| --- | --- | --- |
| Lawfulness, Fairness, Transparency | Process data lawfully, fairly, transparently | Privacy notices, consent management |
| Purpose Limitation | Collect data only for specified, legitimate purposes | Data classification, usage policies |
| Data Minimisation | Collect only what is necessary | Data collection audits, privacy-by-design |
| Accuracy | Keep data accurate and up-to-date | Data quality processes, update mechanisms |
| Storage Limitation | Delete data when no longer needed | Retention schedules, automated deletion |
| Integrity & Confidentiality | Protect data with appropriate security | Encryption, access controls, monitoring |
| Accountability | Demonstrate compliance with all principles | DPO, documentation, audits |

Data Mapping

Process,Data Elements,Legal Basis,Storage Location,Retention Period,Third Party Shared With
Employee Payroll,"Name, Address, SSN, Bank Account",Contractual Necessity,HR Database (EU),7 years after termination,Payroll Provider Inc.
Customer Support,"Name, Email, Order History",Consent,Zendesk (US),3 years after last interaction,N/A
Marketing Newsletter,"Email, Name, Preferences",Consent,Mailchimp (US),Until unsubscribe,Unsubscribe at any time

DSAR Process Flow

    graph TD
    A[DSAR Received] --> B[Verify Identity]
    B --> C[Log Request]
    C --> D[Search Systems for Personal Data]
    D --> E[Review for Exemptions/Third-Party Data]
    E --> F[Collate Response Package]
    F --> G[Send Response to Data Subject]
    G --> H[Document Request and Response]
  

Privacy-by-Design

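// Privacy-by-design in application development
class UserDataManager {
  // db, cache, audit and encrypt are supplied by the application (dependency injection).
  constructor({ db, cache, audit, encrypt }) {
    this.db = db;
    this.cache = cache;
    this.audit = audit;
    this.encrypt = encrypt;
    this.retentionPeriod = 90 * 24 * 60 * 60 * 1000; // 90 days in milliseconds
    this.purposes = ['authentication', 'order_fulfillment']; // purpose-limitation allow-list
  }

  // Accept data only for an approved purpose; encrypt it and stamp an expiry.
  collectData(userId, purpose, data) {
    if (!this.purposes.includes(purpose)) {
      throw new Error(`Purpose "${purpose}" not authorised`);
    }
    return {
      userId,
      purpose,
      data: this.encrypt(data),
      collectedAt: new Date(),
      expiresAt: new Date(Date.now() + this.retentionPeriod)
    };
  }

  // Erase the user's data from every store, then record the deletion.
  async deleteUserData(userId) {
    // Delete from all databases
    await this.db.collection('users').deleteOne({ _id: userId });
    await this.db.collection('sessions').deleteMany({ userId });
    await this.cache.del(`user:${userId}`);
    // Log deletion for audit
    await this.audit.log('DATA_DELETION', { userId, timestamp: new Date() });
  }
}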
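
The class above stamps each record with `expiresAt` but nothing shown enforces it. The following is an added example, not part of the original page, of a retention sweep over records in the shape `collectData()` returns; the function name `sweepExpired`, the in-memory audit sink and the sample records are assumptions made for illustration.

```javascript
// Added example. Constructed sample records in the shape collectData() returns.
const DAY = 24 * 60 * 60 * 1000;
const NOW = new Date('2024-06-01T00:00:00Z'); // fixed clock so the run is repeatable
const sampleRecords = [
  { userId: 'u1', purpose: 'authentication', data: '<ciphertext>',
    expiresAt: new Date(NOW.getTime() - DAY) },        // past retention
  { userId: 'u2', purpose: 'order_fulfillment', data: '<ciphertext>',
    expiresAt: new Date(NOW.getTime() + 30 * DAY) },   // still within retention
  { userId: 'u3', purpose: 'authentication', data: '<ciphertext>' }, // no expiry recorded
  { userId: 'u4', purpose: 'marketing', data: '<ciphertext>',
    expiresAt: new Date(NOW.getTime() + DAY) },        // purpose not on the allow-list
];

// Mirrors the purposes list in UserDataManager.
const ALLOWED_PURPOSES = ['authentication', 'order_fulfillment'];

// Partition records into kept / purged / flagged; emit one audit entry per purge.
function sweepExpired(records, now, auditSink) {
  const result = { kept: [], purged: [], flagged: [] };
  for (const rec of records) {
    const expiry = rec.expiresAt instanceof Date ? rec.expiresAt.getTime() : NaN;
    if (Number.isNaN(expiry)) {
      // No usable expiry: surface for review instead of retaining silently.
      result.flagged.push({ userId: rec.userId, reason: 'missing_expiry' });
    } else if (!ALLOWED_PURPOSES.includes(rec.purpose)) {
      result.flagged.push({ userId: rec.userId, reason: 'unapproved_purpose' });
    } else if (expiry <= now.getTime()) {
      result.purged.push(rec.userId);
      // Audit entry carries identifiers only, never the stored data.
      auditSink.push({ event: 'DATA_DELETION', userId: rec.userId,
                       purpose: rec.purpose, timestamp: now });
    } else {
      result.kept.push(rec);
    }
  }
  return result;
}

const auditSink = [];
const outcome = sweepExpired(sampleRecords, NOW, auditSink);
console.log(outcome.purged, outcome.flagged, auditSink.length);
```
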

Annual Privacy Calendar

q1:
- Data mapping review and update
- Consent mechanism audit
- Privacy policy review
q2:
- DSAR metrics review (volume, response times, types)
- Third-party data processing audit
- Data retention schedule enforcement
q3:
- Data Protection Impact Assessment (DPIA) for new projects
- Employee privacy training
- Cross-border data transfer review
q4:
- Annual privacy report to board
- Regulatory filing (if applicable)
- Next year's privacy roadmap