GDPR principle

Answer:

The EU GDPR expressly mentions at article 25 (https://advisera.com/eugdpracademy/gdpr/data-protection-by-design-and-by-default/) the concepts of data protection by design and by default as important data protection principles and imposes specific obligations on controller.

In a nutshell, the data protection by design provision requires controllers to :
- implement appropriate technical and organizational measures (such as pseudonymisation) which are designed to implement data protection principles (such as data minimization) in an effective way; and
- integrate necessary safeguards into their processing activities in order to meet the requirements of the GDPR and protect the rights of data subjects.

Under the data protection by default provision, controllers are required to implement appropriate technical and organizational measures for ensuring, by default, that only personal data which are necessary for each specific purpose of the p rocessing are processed.

Our EU GDPR toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/ considered these obligations on controllers and integrated them in the relevant documents.