During the 40th Plenary Session of the European Data Protection Board, following public consultation, the final version of the Guidelines on Data Protection by Design & Default was adopted.
The Guidelines focus on the obligation of Data Protection by Design and by Default as set forth in Article 25 of the General Data Protection Regulation (GDPR). This means that controllers have to implement appropriate technical and organisational measures and the necessary safeguards, designed to implement data protection principles in practice and to protect the rights and freedoms of data subjects. In addition, controllers should be able to demonstrate that the implemented measures are effective.
The Guidelines also contain guidance on how to effectively implement the data protection principles as set forth in Article 5 of the GDPR, listing key design and default elements, as well as practical cases for illustration.