# O3.19 Develop privacy requirements and select mitigation strategies

{% tabs %}
{% tab title="Principle" %}
[O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design)
{% endtab %}

{% tab title="Risk" %}
[RS2 Digital insecurity](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety), [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety)
{% endtab %}

{% tab title="Life Cycle Stage" %}
[L2: Strategy & Design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/life-cycle-stages)
{% endtab %}
{% endtabs %}

## Practice

> * Create a data flow diagram to map the system's entities and processes, identify privacy threats using established categories, and assess risks.
> * Use established categories such as those from LINDDUN or other privacy threat modeling frameworks to systematically identify where privacy risks may arise within your system.
> * Regularly revisit and refine your privacy requirements and mitigation strategies to ensure they remain effective.

## Resources

<table data-view="cards"><thead><tr><th></th><th></th><th></th></tr></thead><tbody><tr><td><strong>References</strong></td><td><p></p><p>LINDDUN (N/d). A Framework for Privacy Threat Modelling. https://linddun.org/</p></td><td></td></tr></tbody></table>