# O3.1 Verify the existence and enforcement of regulations, policies and procedures

{% tabs %}
{% tab title="Principle" %}
[O3 Ensure data privacy by design  ](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design)
{% endtab %}

{% tab title="Risk" %}
[RS1 Privacy vulnerability ](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety)

[SV2 Weak rule of law](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities)
{% endtab %}

{% tab title="Life Cycle Stage" %}
[L1 Conception and Scoping ](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/life-cycle-stages)
{% endtab %}
{% endtabs %}

## Practices

* Mandate that the specific purpose for data collection and exchange is clearly defined, documented and communicated to the data owners.
* Initiate special audits or surveys to understand the operators' feedback on the operation and the impact of purpose limitation clauses.

## Resources

<table data-view="cards"><thead><tr><th></th><th></th><th></th></tr></thead><tbody><tr><td></td><td><mark style="color:yellow;"><strong>Case Study</strong></mark></td><td>Coming soon..</td></tr><tr><td></td><td><mark style="color:yellow;"><strong>References</strong></mark></td><td></td></tr></tbody></table>