🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

GDPR: How to implement privacy by default and privacy by design?

Home GDPR: How to implement privacy by default and privacy by design?

Article 25 of the General Data Protection Regulation (GDPR) provides for the principles of Privacy by design and Privacy by default. They correspond in French to the protection of personal data by design and by default.

The response to the survey "When should we implement Privacy by design? "

During a survey carried out on February 1 on our LinkedIn page, we asked you when a company should implement Privacy by design.
You were strong! Out of 152 voters, 95% of you have "Before the project". Indeed, the company must implement these principles from the design of the project.

Implement privacy by design and privacy by default

When launching a new project involving personal data (payroll software, CRM, newsletters...), these two principles must be respected.

But what is privacy by design and privacy by default?

Privacy by design is data protection by design. In other words, data players must integrate the protection of personal data from the design of projects that involve a data processing activity (application, website, connected object, etc.). It is necessary to ensure from the start that the project (and the new processing methods planned) complies with the GDPR.
How to do? The project leader must take appropriate technical and organizational measures to process the data with regard to the purpose pursued and the risks incurred for the persons concerned. Respecting this principle involves implementing preventive measures to prevent the collection of personal data without legitimate reason or to ensure that the data will be deleted when it is no longer useful.

Regarding Privacy by default, companies must ensure that personal data is processed according to the highest possible level of privacy protection without the persons concerned having to carry out any manipulation or special steps. This maximum level of protection should not prevent the persons concerned either In other words, the user must be assured that, without any manipulation of the parameters, their privacy will be respected and their data protected.

To be clearer

The controller may, for example, adopt the following measures:

  • Pseudonymization of data. That is to say the replacement of certain personal data with a pseudonym. The person is no longer directly identifiable, however unlike anonymization this process is reversible. Pseudonymization allows companies to use data, while protecting the individual's privacy. In this way, the data is "separated" from the identity of the individual.
  • Minimizing data collection. According to this principle, only data necessary for the purposes required by the company is collected. The user can then choose to provide access to more data by changing the default settings. This is for example the case when an application or site offers you to authorize or refuse
    activation of geolocation. By default, the application is configured not to geolocate, however you can modify this setting and provide access to your location.

Data Comply One (formerly Mission RGPD) and Privacy by Design

You don't know how to set up Privacy by design or Privacy by default? You do not have time?
With Data Comply One (formerly Mission RGPD) you can use the registry module by creating a file in project mode to document all the measures taken under Privacy by design and Privacy by default.

Don't waste any more time, it's so simple!

Request a demo
Other articles
on the same subject