On 13 November 2019, the European Data Protection Board (EDPB) adopted the guidelines on Data Protection by Design and Default (DPbDD) for public consultation until 16 January 2020, providing an in-depth analysis of the components that make up DPbDD under GDPR article 25. We highlight below some of the key definitions.
Background
DPbDD refers to the effective implementation of data protection principles and data subjects’ rights and freedoms by Design and by Default. Controllers must be able to demonstrate that they have in place appropriate technical and organizational measures and safeguards in an effective manner. Incorporating such measures from the start of the project planning or product design, and embedding considerations of data protection through the launch phase is more effective and pro-active than a retrospective approach. This means that data protection practices and considerations must be ‘baked in’ to business practices and processing activities from the start. Although DPbDD primarily concerns controllers, processors and other parties are advised to take note as they work with controllers to fulfil the latter’s obligations under GDPR article 25.