'Privacy by Design' and 'Privacy by Default'

European General Data Protection Regulation (EU GDPR) Article 25

Let's pay attention to two important concepts within the GDPR, 'Privacy by Design' and 'Privacy by Default'.
Both concepts aim to ensure that all principles of processing personal data are complied with and that all the data subject's rights and freedoms, as you have seen before, are respected at all times, in such a way that the data controller is able to demonstrate at any time the effectiveness of all the measures taken.

Basically, there are seven foundational principles of privacy by design.
PRIVACY EMBEDDED INTO DESIGN - First, privacy should be embedded into the design itself. This means that whatever you offer to a data subject, for whatever reason, the principles of processing personal data should be there from scratch, from day one, as part of the basics when you start to design.
RESPECT USER PRIVACY - Whatever you do, user privacy should be respected. Processing should be done in such a way that the data subject can always have access, and that it is carried out in a just, fair, open and transparent way.
VISIBILITY AND TRANSPARENCY OF PROCESSING - The third principle of privacy by design is visibility and transparency. Before personal data is accessed, it should be made known to the data subject what is being done. Processing should therefore be at least visible and transparent towards the data subject.
EVERY STEP SHOULD ADD VALUE FOR THE DATA SUBJECT - Every step you take to make sure the principles of processing personal data are respected should add some actual value for the data subject.
For example, if you inform a data subject about a certain purpose, the information you provide should clarify matters instead of making them blurry. It should actually add value for the data subject.
FULL END TO END SECURITY - Another principle is about security. All processing of personal data should be secure end-to-end. This means that from the beginning to the end, appropriate technical and organizational measures should be implemented to make sure all data is secure.
PRIVACY AS DEFAULT (STANDARD) SETTING - This basically means that, whatever you are doing, maximizing data protection is the standard operation, the standard procedure. That's the core of privacy as default setting.
PROACTIVE (PREVENTIVE) PROTECTION MEASURES (NOT REMEDIAL) - The seventh principle of privacy by design is that measures should be taken proactively. So, not as a remedy and not afterwards: proactive protection measures should be in place before any service or product is finished.
