The General Data Protection Regulation (“GDPR”) requires that a data controller put in place appropriate technical and organisational measures to implement the data protection principles in order to meet the requirements of the regulation and to protect the rights of the data subject. The measures are to be implemented both at the time of the determination of the means for processing and at the time of the processing itself. This is data protection by design and default. Data protection by design and default entails embedding data protection into the design of technology, systems and practices and throughout the lifecycle, such that data protection is considered from the beginning, rather than as an afterthought.