GDPR（欧盟通用数据保护条例）和《个人信息保护法》

说明

1. 数据最小化原则 ：只收集为满足特定目的所必需的信息。
2. 清晰的同意 ：在收集、处理或共享个人信息之前，需要得到数据主体的明确同意。同时，用户应有权随时撤销其同意。
3. 数据匿名化/去识别化 ：在进行数据分析之前，对数据进行匿名化或去识别化处理，以减小泄露用户真实身份的风险。
4. 数据质量和准确性 ：公司必须确保其处理的数据准确无误，并定期更新。
5. 隐私设计和预设 ：在数据预处理阶段，应执行隐私设计和预设原则，例如对 personal data 应用最严格的权限设置。
6. 配备数据保护官 ：有的情况下，为了保证数据预处理的合规性，可能需要设立专门职位以负责数据保护。
7. 数据存储限制 ：只在完成数据预处理和分析目的所需的期限内保留数据。
8. 设定透明度原则 ：数据主体应被清楚地告知他们的数据是如何被收集和处理的。

注意，这不是一份详尽的信息安全流程列表，而是以GDPR和《个人信息保护法》中的一些基本要求为依据提出的几点建议。在实际执行过程中，你可能需要结合特定业务问题，制定和实施详细的数据保护和预处理策略，并可能需要得到专业法律和技术咨询。

Simply put

Principle of Data Minimization: Only collect information that is necessary to fulfill specific purposes.

Clear Consent: Obtain explicit consent from data subjects before collecting, processing, or sharing their personal information. Users should also have the right to withdraw their consent at any time.

Data Anonymization/De-identification: Prior to data analysis, anonymize or de-identify data to reduce the risk of disclosing users’ true identities.

Data Quality and Accuracy: Companies must ensure the accuracy and correctness of the data they process and regularly update it.

Privacy by Design and Default: Apply privacy design and default principles during data preprocessing, such as implementing the strictest permission settings for personal data.

Appoint a Data Protection Officer: In some cases, to ensure compliance with data preprocessing, it may be necessary to establish a dedicated position responsible for data protection.

Data Storage Limitation: Retain data only for the period necessary to complete data preprocessing and analysis purposes.

Transparency Principle: Data subjects should be clearly informed about how their data is collected and processed.

Please note that this is not an exhaustive list of information security procedures but rather a set of recommendations based on the GDPR and the Personal Information Protection Law. In practice, you may need to develop and implement detailed data protection and preprocessing strategies tailored to specific business issues, and professional legal and technical consultation may be required.