Privacy by design

The GDPR mandates that privacy must be a priority throughout system design and commissioning. The approach taken with respect to data privacy must be proactive, not reactive. Risks should be anticipated, and the objective must be to prevent events before they occur.

Organizations must carefully consider and document how systems are designed to stay within the stated objectives.

Care must be paid not to capture personal data of subjects who fall outside of the domain of the system (for example, adjacent public areas).

Careful consideration of who needs to see what information (for example, live/recorded, time frame, resolution) and who can access what features (for example, search).