Since IoT involves the use of personal data from different types of data subjects, it is highly recommendable, where possible, to hear the voices of the representatives of the collectives involved so as to ensure that the Data Protection by Design policies are in line with their interest, rights and freedoms. Organizing some preliminary discussions with those representatives, where they exist, ensures the implementation of a bottom-up framework that could be very helpful to this purpose.
| Checklist: Project Understanding |
| ☐ The IoT development does not promote scenarios that are not compatible with the EU fundamental values and legal framework.
☐ The IoT development does not involve a disproportionate use of personal data (processing is not against the minimization principle). ☐ The controller can ensure that appropriate lawful bases for data processing will apply to all required data processing activities. ☐ The controller can ensure that the key team members processing personal data have been adequately trained on data protection issues and/or adequate assessment tools have been implemented. ☐ The roles played by all different agents involved in the IoT tool have been adequately identified and the controller can provide evidence on this (a statement or agreement has been signed, for instance). ☐ Whenever there are, the representatives of the key collectives involved in the data processing have been consulted on the IoT tool features. |