# L2 - Strategy and Design To know more about this phase of the DPI life cycle, click [here](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/responsible-authorities/r5-advocates/l2-strategy-and-design). **Click on any process listed below to learn about illustrative practices that can be implemented.** | Process | Principle | Risk | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [F2.4 Design and implement backup processes for users who lack assumed documentation ](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/f2.4-design-and-implement-backup-processes-for-users-who-lack-assumed-documentation) | [F2: Do not discriminate](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/foundational-principles/f2-do-not-discriminate) | [R13 Exclusion,](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-inclusion) [RI1 Discrimination](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-inclusion) | | [F4.10 Implement comprehensive reporting and accessibility protocols](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/f4.10-implement-comprehensive-reporting-and-accessibility-protocols) | [F4: Reinforce transparency and accountability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/foundational-principles/f4-reinforce-transparency-accountability) | [SV1 Digital Distrust,](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities) [SV4 Technical shortcomings](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities) | | [F6.5 Implement optional features for user control over personal data](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/f6.5-implement-optional-features-for-user-control-over-personal-data) | [F6: Promote autonomy and agency](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/foundational-principles/f6-promote-autonomy-and-agency) | [RI4 Disempowerment](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-inclusion), [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety) | | [O2.5 Implement rigorous testing protocols](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o2.5-implement-rigorous-testing-protocols) | [O2: Evolve with evidence](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o2-evolve-with-evidence) | [SV3 Weak institutions](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities) | | [O3.14 Integrate strict data minimization protocols into design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.14-integrate-strict-data-minimization-protocols-into-design) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety) | | [O3.15 Implement strict controls to enforce purpose limitation and restrict secondary data use.](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.15-implement-strict-controls-to-enforce-purpose-limitation-and-restrict-secondary-data-use) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety), [SV1 Digital distrust](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities) | | [O3.16 Embed strong standards of privacy from the start and integrate it into design and processes](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.16-embed-strong-privacy-standards-from-the-start-and-integrate-these-into-design-and-processes) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | | | [O3.17 Ensure compliance with privacy laws and evaluate risks related to PII by conducting and publicly documenting privacy impact assessments for new or updated technologies and systems.](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.17-ensure-compliance-with-privacy-laws-and-evaluate-risks-around-pii) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | | | [O3.18 Emphasize transparency and user empowerment in managing data.](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.18-emphasise-transparency-and-user-empowerment-in-managing-data) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | [RI4 Disempowerment](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-inclusion), [RS1 Privacy vulnerabilities](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety) | | [O3.19 Develop privacy requirements and select mitigation strategies, documenting and iterating your analysis as needed.](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.19-develop-privacy-requirements-and-select-mitigation-strategies) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | | | [O.20 Ensure unobservability of Daily User Interactions by Design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.20-ensure-unobservability-of-daily-user-interactions-by-design) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety) | | [O.21 Establish mechanisms to ensure a right to opt-out whenever appropriate](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.21-establish-mechanisms-to-ensure-a-right-to-opt-out-whenever-appropriate) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | [RI4 Disempowerment](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-inclusion), [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety) | | [O3.22 Ensure linkability, unobservability, and zero-knowledge proofs are the default](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.22-ensure-linkability-unobservability-and-zero-knowledge-proofs-are-the-default) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety), [RS2 Digital insecurity](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety) | | [O3.23 Establish Robust Data Delinking Mechanisms once the purpose of the processing of personal information has been served](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.23-establish-robust-data-delinking-mechanisms) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety) | | [O3.24 Make alternative mechanisms besides biometrics available for enrollment for special cases (leave nobody behind)](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.24-make-alternative-mechanisms-besides-biometrics-available) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | | | [O3.25 Ensure that biometric authentication is not mandatory](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o3.25-ensure-that-biometric-authentication-is-not-mandatory) | [O3: Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) | [RI3 Exclusion](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-inclusion), [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety), [SV4 Technical shortcomings](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities) | | [O4.3 Ensure secure and auditable data handling](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o4.3-ensure-secure-and-auditable-data-handling) | [O4: Assure data security by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o4-assure-data-security-by-design) | [RS2 Digital insecurity](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety), [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety), [SV4 Technical shortcomings](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities) | | [O6.6 Embed vulnerability in product design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/processes/o6.6-embed-vulnerability-in-product-design) | [O6: Respond to gender, ability or age](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o6-respond-to-gender-ability-or-age) | [RI4 Disempowerment](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-inclusion) |