Privacy by design and default

Data protection by design means that you embed data privacy features and data privacy enhancing technologies directly into the design of your projects at an early stage.  To implement data protection by design you shall:

  • Put in place appropriate technical and organisational measures designed to implement data protection principles.
  • Integrate safeguards into data processing in order to meet GDPR requirements and protect individual rights.

This will help to ensure better and cost-effective protection for individual data privacy. Data protection by design is less a set of requirements as it is a general approach to GDPR compliance.

Data protection by default means that service settings shall automatically be data protection friendly.

Data protection by default is the principle according to which:

  • an organisation (data controller) ensures that only the data that is strictly necessary for a specific purpose is processed by default, i.e. without intervention of an individual user.
  • data controller needs to specify only necessary data before processing, appropriately inform individuals and process only that data which is necessary for a specific purpose.
  • data controller shall not process any additional data unless an individual decides that a data controller may do that.
  • data controller shall ensure that personal data is not automatically made publicly available to others unless an individual decides to make such data publicly available.
  • data controller shall ensure that individuals will be able to exercise their rights.

This principle covers the amount of data collected, scope of processing, storage period and accessibility.

ECOVIS ProventusLaw can:

  • advise on the implementation of privacy by design and default.
  • advice on development of policies, guidelines and work instructions related to data protection which ensure the implementation of data protection by design and data protection by default.

Loreta Andziulytė

Lawyer, attorney at law, partner of the law firm, CIPP/E.

Contact person