EDPB ISSUES GUIDELINES ON DATA PROTECTION BY DESIGN AND BY DEFAULT SET FORTH UNDER ARTICLE 25 OF THE GDPR

30.10.2020

The European Data Protection Board (“EDPB”) has published guidelines on article 25 “Data Protection by Design and by Default”.

The Guidelines give general guidance on the obligation of Data Protection by Design and by Default set forth in Article 25 in the GDPR. Data Protection by Design and by Default is an obligation for all controllers, irrespective of size and varying complexity of processing.

According to the Guidelines the core obligation is the implementation of appropriate measures and necessary safeguards that provide effective implementation of the data protection principles and, consequentially, data subjects’ rights and freedoms by design and by default. Article 25 prescribes both design and default elements that should be taken into account.

The Guidelines also contain guidance on how to effectively implement the data protection principles in Article 5, listing key design and default elements as well as practical cases for illustration.

Lastly, recommendations by the EDPB, on how controllers, processors and producers can cooperate to achieve Data Protection by Design and by Default is provided in the Guidelines.

You can reach the Guidelines here.

Should you have any queries and/or remarks, please do not hesitate to contact us. 

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr