
Privacy by design and privacy by default

Guest user Created:   Jan 12, 2022 Last commented:   Jan 14, 2022

Although I have 25 years’ experience as a consultant, trainer and auditor in the field of ISO management systems, I have thoroughly enjoyed the above webinar; very clear texts and explanations meeting my expectations! I have one question related to Privacy by design and privacy by default; this was already bothering me when I followed training regarding GDPR: although it may be my fault, it is still not yet clear what the exact difference(s) is/are between both approaches. Perhaps some example could highlight the differences.

Expert
Tudor Galos Jan 14, 2022

Data Protection By Default and By Design is one of the key principles in GDPR, as stated by Article 25 and recital 78 (Appropriate Technical and Organisational Measures). Article 25 GDPR actually focuses on the implementation of the data protection principles stated in Article 5 GDPR through a proactive approach. It mentions that “the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects”. Thus, according to Article 25 GDPR, data protection must be thought of as ex-ante.

Privacy by design is a concept first mentioned in 1995 by Ann Cavoukian, former Information & Privacy Commissioner, Ontario, Canada, and it encompasses 7 principles:

  • Proactive not reactive; preventive, not remedial
  • Privacy as the default setting
  • Privacy embedded into the design
  • Full functionality – positive-sum, not zero-sum
  • End-to-end security – full lifecycle protection
  • Visibility and transparency – keep it open
  • Respect for user privacy – keep it user-centric

Her work shaped the modern privacy and personal data protection regulations today.

You can find more information at these links:
