There is no one-size-fits-all solution when it comes to reducing data-privacy risks.
Protection policies may depend on numerous considerations, such as different categories of data, varying legislation, or purpose of data processing.
However, there are frameworks that may be used as tools to help you structure discussions about privacy requirements in your organization.
A good example of such a framework is the set of principles developed by the Organisation for Economic Co-operation and Development (OECD).
The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data have become an internationally accepted set of rules for processing personal information.
Reflected in existing and emerging data-protection laws, they can serve as an excellent basis for any analytics endeavor aiming to reduce data-privacy risks. It is also a sound direction for governance of personal data collected and processed by organizations over the course of their business.
The privacy principles defined by the OECD consist of the following:
1. Collection Limitation:
Data collection should occur only with the knowledge and consent of the individual concerned (the data subject).
2. Data Quality:
You should collect only information that is relevant to, and accurate for, a particular purpose.
3. Individual Participation:
The individual concerned should know whether their information has been collected and must be able to access that data if it exists.
4. Purpose Specification:
The intended use for a particular piece of information must be known at the time of collection.
5. Use Limitation:
Collected data must not be used for purposes other than the ones specified at the time of collection.
6. Security Safeguards:
Reasonable measures must be taken to protect personal data from unauthorized use, destruction, modification, or disclosure.
7. Openness:
Individuals should be able to find out what data is being collected about them and be able to contact the entity collecting it.
8. Accountability:
The data collector should be held accountable for failing to abide by any of the above rules, and a dedicated person should be responsible for ensuring compliance.
OECD guidelines vs GDPR
The OECD principles are closely tied to European Union legislation and cultural expectations.
That is why it comes as no surprise that the spirit of GDPR, and much of its detail, reflect the OECD privacy framework. This makes the principles outlined above a solid core for your web-analytics privacy practices.
However, keep in mind that the provisions of GDPR are much broader, and simply following the good practices introduced by the OECD will not be enough to comply with them.
We write about this in numerous blog posts on our website; if you want to learn more about the topic, be sure to visit the GDPR section of our blog.