Data protection by design and by default is primarily the process of putting in place appropriate technical and organisational measures to implement the data protection principles and safeguard individual rights.
Data protection by design is about ensuring data protection and privacy issues are considered upfront in everything you do, and it helps you to comply with the GDPR’s fundamental principles and requirements. In essence, this means you have to build data protection into your activities and business practices, from the design stage right through the lifecycle.
Having the ability to demonstrate the technical and organisational measures that you are taking also forms part of your focus on accountability.
Examples of data protection by design and by default might include:
- Data protection is considered and monitored as part of new change projects.
- You do not collect data that is not needed for the process.
- Systems are protected from unauthorised access.
- Data is protected through security techniques, such as encryption.
- Plain language is used when communicating with data subjects.