Every data fiduciary shall prepare a privacy by design policy, containing—
- the managerial, organisational, business practices and technical systems designed to anticipate, identify and avoid harm to the data principal;
- the obligations of data fiduciaries;
- the technology used in the processing of personal data is in accordance with commercially accepted or certified standards;
- the legitimate interests of businesses including any innovation is achieved without compromising privacy interests;
- the protection of privacy throughout processing from the point of collection to deletion of personal data;
- the processing of personal data in a transparent manner; and
- the interest of the data principal is accounted for at every stage of processing of personal data.