Data protection by design and default

Data protection by design and default (DPbDD) is often overlooked by organisations when considering their UK GDPR compliance obligations. This is understandable, as DPbDD is an intangible, all pervading concept that can be difficult to translate into specific actions, particularly compared to other discrete requirements of the UK GDPR. However, there is a dedicated section in the UK General Data Protection Regulation (GDPR) about DPbDD (Article 25) and extensive guidance published by the European Data Protection Board (EDPB) and Information Commissioner’s Office (ICO):

  1. ICO: UK GDPR guidance and resources—Data protection by design and default

  2. EDPB, Guidelines 4/2019 on Article 25 Data Protection by Design and by default—according to the ICO, these guidelines are no longer directly relevant to the UK regime and are not binding under the UK regime, however they may still provide helpful guidance on certain issues

In essence DPbDD involves considering data protection and privacy issues upfront in everything you do. This means you have to integrate data protection into your processing activities and business practices, from the design stage right through the lifecycle.

UK GDPR requirements

Data protection

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Powered by Lexis+®
Latest Risk & Compliance News
View Risk & Compliance by content type :

Popular documents