Privacy Decision Tree
Walk this for each proposed data field before you collect it. Hover any node for the principle behind it.
```mermaid
flowchart TD
    Q1{"Do we need this data for a
specific stated purpose?"}:::decision
    NO1["Do not collect"]:::stop
    Q2{"Can we satisfy the purpose
with less identifying data?
aggregated, hashed, derived"}:::decision
    USE["Use the less-identifying form"]:::leaf
    Q3{"Define the minimum
retention period"}:::decision
    Q4{"Is the data shared
with third parties?"}:::decision
    APPROVE1["Document purpose, retention,
and access controls. Approve."]:::leaf
    Q5{"Data-processing agreement
and lawful basis for sharing?"}:::decision
    STOP2["Stop. Do not share."]:::stop
    APPROVE2["Document third-party scope,
purpose, and DPA.
Approve with annual review."]:::leaf

    Q1 -->|No| NO1
    Q1 -->|Yes| Q2
    Q2 -->|Yes| USE
    Q2 -->|No| Q3
    Q3 -->|"retention window set"| Q4
    Q4 -->|No| APPROVE1
    Q4 -->|Yes| Q5
    Q5 -->|No| STOP2
    Q5 -->|Yes| APPROVE2

    classDef decision fill:#1565c0,stroke:#0d3a73,stroke-width:2px,color:#ffffff,font-size:13px
    classDef leaf fill:#455a64,stroke:#263238,stroke-width:2px,color:#ffffff,font-size:13px
    classDef stop fill:#ffa000,stroke:#b26a00,stroke-width:2.5px,color:#3e2723,font-size:13px
    linkStyle default stroke:#607d8b,stroke-width:2px,font-size:12px
```
Each branch maps to a privacy principle.
"Do we need it?" is purpose limitation; "less identifying data?" is
data minimization; "minimum retention" is storage limitation;
and "lawful basis + DPA" is the lawful-basis requirement for sharing.
These principles appear in both the GDPR and the CCPA/CPRA. Hover a node for
the specific principle it enforces.
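The same walk, encoded so that every proposed field is reviewed by the identical sequence of questions and the approval carries the records each leaf asks for. This is an added example, not code from the original page; the field names and outcome strings are assumptions chosen to mirror the diagram's nodes.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed review record for one proposed data field (assumed shape, not from the page).
@dataclass
class ProposedField:
    name: str
    purpose: Optional[str]                  # Q1: stated purpose, None if nobody can name one
    less_identifying_form: Optional[str]    # Q2: e.g. "hashed", "aggregated", "derived"
    retention_days: Optional[int]           # Q3: None means no retention window was defined
    shared_with_third_party: bool           # Q4
    dpa_in_place: bool = False              # Q5: data-processing agreement signed
    lawful_basis_for_sharing: Optional[str] = None  # Q5

@dataclass
class Decision:
    outcome: str        # "do_not_collect" | "use_less_identifying" | "blocked" | "approved"
    principle: str      # the privacy principle the deciding node enforces
    required_records: list = field(default_factory=list)

def evaluate(f: ProposedField) -> Decision:
    # Q1: purpose limitation. No stated purpose, no collection.
    if not f.purpose or not f.purpose.strip():
        return Decision("do_not_collect", "purpose limitation")
    # Q2: data minimization. A less-identifying form that still serves the purpose wins.
    if f.less_identifying_form:
        return Decision("use_less_identifying", "data minimization",
                        [f"store {f.name} as {f.less_identifying_form}"])
    # Q3: storage limitation. The tree only proceeds once a retention window is set.
    if f.retention_days is None or f.retention_days <= 0:
        return Decision("blocked", "storage limitation",
                        ["define a minimum retention period before approval"])
    records = [f"purpose: {f.purpose}", f"retention: {f.retention_days} days", "access controls"]
    # Q4: not shared -> APPROVE1 with purpose, retention and access controls documented.
    if not f.shared_with_third_party:
        return Decision("approved", "storage limitation", records)
    # Q5: sharing needs both a lawful basis and a DPA, otherwise STOP2.
    if not (f.dpa_in_place and f.lawful_basis_for_sharing):
        return Decision("blocked", "lawful basis for sharing",
                        ["obtain a DPA and document the lawful basis, or do not share"])
    records += [f"lawful basis: {f.lawful_basis_for_sharing}", "DPA",
                "third-party scope", "annual review"]
    return Decision("approved", "lawful basis for sharing", records)
```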