Our legal advisors will provide legal support in the solution design process in order to ensure sufficient attention to privacy and safety from the get-go. One common myth in solution design is that it’s easy to backtrack and implement changes because software is flexible. The reality is that it is crucial to consider factors such as data protection laws and other legal requirements from the beginning.
By doing this, the solution can be developed in compliance with privacy and safety requirements. Our delivery helps secure the relevant legal requirements through assessments of mandatory law and sector-specific regulations, e.g.: Privacy law (data protection – GDPR), security requirements imposed by regulation, regulations concerning development of new ICT-solutions and intellectual property rights.
Securing the relevant legal requirements through assessments of mandatory law and sector-specific regulations, e.g.:
Privacy law (data protection – GDPR)
- Consider what personal data will be processed and the need for data processor agreements
- Appropriate technical and organizational measures
- Privacy by design (GDPR): Privacy by design means that the organization must integrate relevant data compliance measures into its data processing activities. Privacy by design relates to both technical and organizational measures, e.g. both staff policies and the use of pseudonymization are important. An organization needs to be able to show that it has adequate security in place and that compliance is monitored. This means that an IT department/organization must take privacy into account when planning a system acquisition and/or a development process, in addition to the whole life cycle of the system.
- Data portability (GDPR): This requirement needs to be considered in the planning process. It allows customers to receive the personal data they have provided to a supplier and to transmit it to another supplier, giving the customer more control over the personal data.
Security requirements imposed by regulation: E.g. specific requirements for certain industries such as finance.
Regulations concerning development of new ICT-solutions
- Governmental universal design: The system must be engineered according to the regulations on universal design, such as the law on public procurement, the regulation on universal design of ICT and the Discrimination and Accessibility Act of 2009
- Governmental architectural principles: The system must be engineered according to these principles, e.g. principles concerning infrastructure solutions, technical standards and information architecture
- Solution design: For public customers, it is important that the overall solution design does not limit competition unreasonably (the solution must not be specified for a certain supplier)
Intellectual property rights
- To what extent should the customer own the rights, and when will a right to use be more prudent? This is very important and needs to be decided in the planning and strategy process to avoid lock-in and potential poor investments.