Privacy by design and default

Data protection by design means you embed data privacy features and data privacy enhancing technologies directly into the design of your projects at an early stage.  To implement data protection by design you shall:

  • Put in place appropriate technical and organisational measures designed to implement data protection principles.
  • Integrate safeguards into data processing so that you meet GDPR requirements and protect individual rights.

This will help to ensure better and cost-effective protection for individual data privacy. Data protection by design is less a set of requirements as it is a general approach to GDPR compliance.

Data protection by default means that service settings shall be automatically data protection friendly.

Data protection by default is the principle according to which:

  • an organisation (data controller) ensures that only the data that is strictly necessary for a specific purpose is processed by default, i.e. without the intervention of the individual user.
  • data controller needs to specify strictly necessary data before the processing starts, appropriately inform individuals and only process that data which is needed for a specific purpose.
  • data controller shall not process any additional data unless the individual decides that the data controller may do that.
  • data controller shall ensure that personal data is not automatically made publicly available to others unless the individual decides to make such data public.
  • data controller shall ensure that individual will be able to exercise their rights.

This principle covers the amount of data collected, extent of processing, storage period and accessibility.

ECOVIS ProventusLaw can:

  • Advise on privacy by design and default implementation.
  • Advice on developing policies, guidelines and work instructions related to data protection ensuring the implementation of data protection by design and data protection by default.

Loreta Andziulytė

Lawyer, attorney at law, partner of the law firm, CIPP/E.

Contact person