Home > Praxis > Your project > Analysis > Digital responsibility
Practice

Digital responsibility

Responsible handling of data means first and foremost respectfully handling the rights of the individuals whose data are being processed. The use of personal data must therefore always consider protection of the affected individual’s privacy (data protection). Ethical and data protection considerations must be taken into account throughout the entire usage cycle of the data. This also means that digital systems have to be planned and partners must be selected so that the data are secure and protected against theft and misuse.

Many organisations have developed guidelines that offer orientation. In the following sections, we introduce GIZ’s guiding principles for raising awareness of the responsible handling of data. KfW Development Bank also provides its employees with a cyber security checklist that conducts an initial assessment of the information, data and cyber security of potential project partners, allowing any risks to be detected at an early stage. It can also be used to better evaluate behaviour within your own organisation.

Guiding principles for responsible handling of personal data

Planning: Responsible data practices should already play a fundamental role during project design and planning. This means, for one, taking into account national legal principles as well as your organisation’s guidelines. For another, processes for the project must be planned in such a manner that data are used carefully and that time and resources are considered – in security audits or additional feedback loops, for example.

Data collection: Inform those concerned about collection of their data and request their consent. This is crucial. Also, develop clear processes for using and storing data. Take the following questions into consideration: Where are the data stored exclusively? And for what clearly defined period?

Data storage and information security: Who in your organisation is responsible if data are lost or security is breached? Talk to them about your project. Last, but not least, the technical skills of your partners are essential. Is their techni cal equipment and expertise adequate? If not, you should plan an additional budget for capacity building measures. Make sure that you know what to do in the event of serious data loss. Develop guidelines for action in the run-up to the project.

Data usage: Anonymise data to the greatest extent possible. Only selected individuals should have → access to the data. Publishing of data: You should plan different levels of data distribution. For example, only raw data can be shared with project partners. Sign written agreements with those who will be using the data. Risks that you believe exist regarding the handling of data do not necessarily match the perception of other people. Get different opinions on risks before publishing the data.

Data archiving: Ask the question about the archiving of data right at the start of the project – otherwise it tends to be forgotten. However, responsible data archiving also means that only very specific data will be stored for further use. All other data should then be deleted.

What’s next? Responsible handling of data is an ongoing process, not just a one-off task. Stay on top of things. Use additional resources, create structures and appoint contact persons within your organisation.

Digital Rights Check

How do we avoid human rights risks in our digital project activities? The Digital Rights Check is a simple tool to sensitize project staff to potential negative human rights impacts. Risks covered include privacy restrictions, promotion of online hate speech, and discrimination. The tool takes about 20 minutes to use. At the end, users can download a human rights action plan to help take preventative and mitigative action.