Final answer:
Privacy by design applies to Infosys when it is a data controller and when it develops solutions for a client, ensuring data protection compliance from the start. (option d)
Step-by-step explanation:
Privacy by design is a principle that states organizations should integrate privacy into the design and architecture of IT systems and business practices, as well as its infrastructure and operations. The concept is intended to ensure privacy and data protection compliance from the start. For Infosys, privacy by design applies in two major instances: when Infosys is a data controller and when Infosys develops a solution for a client. Being a data controller means that Infosys determines the purposes and means of processing personal data. When developing solutions for clients, incorporating privacy by design ensures that the final product complies with data protection laws and regulations.
In the context of a data processor, Infosys would be acting on behalf of a data controller and would follow the specifications given by that controller. However, even as a data processor, integrating privacy by design is a best practice to help ensure regulatory compliance and safeguard data. Therefore, the correct options reflecting when privacy by design applies to Infosys, even in the absence of a contractual obligation, are both when Infosys is a data controller and when Infosys develops a solution for a client.