Product Design
Conceptualising, designing and bringing a new product to market can be a challenging yet extremely exciting venture for businesses. UK data protection law (specifically, the UK GDPR) is principle-based and principle-driven legislation. When conceptualising and designing a new product, it’s essential to ensure its design and implementation comply with UK data protection law in theory and in practice.
What are the UK data protection principles?
The six data protection principles set out in the UK GDPR are summarised as follows:
- Personal data is processed fairly, lawfully and in a transparent manner
- Personal data is collected for specified, explicit and legitimate purposes and not processed in a manner incompatible with those purposes
- Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
- Personal data is accurate and, where necessary, kept up to date
- Personal data is kept in a form which identifies data subjects for no longer than is necessary for the purposes for which it is processed
- Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
What is ‘data protection by design’?
You may have come across the term ‘data protection by design’. This refers to a business or other organisation ‘designing’ its infrastructure, processes etc. to ensure its data processing activities are compliant with UK data protection law from the outset.
However, the term can equally apply to a proposed new product: the product is conceptualised and designed from the outset taking UK data protection law (including the principles set out above) into account and ensuring that the product is legally compliant to the extent possible.
How to design a product which is compliant with UK GDPR
In reality, this will likely need input from various functions of the business, and the answer will depend on the nature of the product, e.g. the considerations for a software platform with various layers are going to be different to those for a multivitamin pill. However, regardless of the product’s nature, a ‘principles-first’ approach will need to be taken, where data protection compliance is and remains a key focus throughout development and testing of the product and following its release on to the market.
How can we help?
We can advise your business on relevant UK data protection law in relation to your product and advise you on whether your product is legally compliant, as well as other relevant matters and updates to be aware of to ensure compliance moving forward.
Want to speak with one of our experienced data protection lawyers? Get in touch with the team.