Data protection by design and default

Data protection by design and default (DPbDD) is often overlooked by organisations when considering their UK GDPR compliance obligations. This is understandable, as DPbDD is an intangible, all pervading concept that can be difficult to translate into specific actions, particularly compared to other discrete requirements of the UK GDPR. However, there is a dedicated section in the UK General Data Protection Regulation (GDPR) about DPbDD (Article 25) and extensive guidance published by the European Data Protection Board (EDPB) and Information Commissioner’s Office (ICO):

•
ICO: UK GDPR guidance and resources—Data protection by design and default
•
EDPB, Guidelines 4/2019 on Article 25 Data Protection by Design and by default—according to the ICO, these guidelines are no longer directly relevant to the UK regime and are not binding under the UK regime, however they may still provide helpful guidance on certain issues

In essence DPbDD involves considering data protection and privacy issues upfront in everything you do. This means you have to integrate data protection into your processing activities and business practices, from the design stage right through the lifecycle.

UK GDPR requirements

Data protection

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Practice Compliance News

HM Treasury issues advisory on Oil Price Cap evasion tactics

HM Treasury (HMT)and the Office of Financial Sanctions Implementation (OFSI) have released an advisory concerning the Oil Price Cap (OPC) regime. The guidance specifically addresses evasion strategies involving the manipulation of product origin through the use of fabricated and falsified Certificates of Origin (CO). This advisory aims to alert relevant parties to the risks associated with such practices and to enhance compliance efforts within the oil trade sector.

Practice Compliance weekly highlights—21 November 2024

This week's edition of Practice Compliance weekly highlights includes: the latest financial sanctions updates, three new consultations from the Solicitors Regulation Authority (SRA) on client money management and consumer protection, initiation of a consultation for legal regulators to combat economic crime by the Legal Services Board (LSB), and new guidance from the SRA on internal investigations, together with a suite of guidance for in-house solicitors.

New Practice Compliance forecast as at 20 November 2024

Our new Practice Compliance forecast (as at 20 November 2024) is now live. This month we report on items including: (1) publication of the long-awaited government guidance on the failure to prevent fraud offence; (2) consultation by the Financial Action Task Force (FATF) on proposed changes to FATF Standards and updates to grey listing criteria by FATF to increase focus on risk; (3) Transparency proposals and future Scheme Rules changes by the Legal Ombudsman (LeO), and (4) SRA consultation on the publication of regulatory decisions, updates to financial penalty regime and client money in legal services.