Almost invisible, but vital: what is “Privacy by design and by default”?

Recently 275 mln Eur GDPR fine was imposed on Meta due to a data breach. This fine was not issued because Meta has yet to implement appropriate technical and organizational measures but because it has violated privacy by design and by default requirements when developing its products.

This situation is an excellent reminder to embed best privacy practices into your products, systems, and processes, as these practices are not simply “nice to have” but an actual regulatory requirement. Be aware that privacy by design and by default cannot be implemented later – it must be the cornerstone of your entire business idea.

How to ensure that privacy by design and by default approach is not only codified in your internal GDPR documents but also works in practice? Here are the top 5 tips from WALLESS experts:

–      Consider data protection issues a part of the design and implementation of your products, systems, and processes. We also recommend discussing your idea with privacy lawyers to determine the most sensitive areas (e.g., separation of the data, the possibility of deleting it, etc.)

–      Organize regular personal data protection training for employees – raise GDPR awareness in your organization and indicate the necessity of such an approach.

–      Adopt a “plain language” policy for all public GDPR documents so that individuals can easily understand what your company is doing with their personal data

–      Ensure that state-of-the-art cybersecurity and IT solutions are implemented during the development process

–      For each new product, system, or process, conduct a data protection impact assessment (DPIA).

Follow these tips to ensure that your company’s money is spent on R&D rather than on regulatory fines.

#GDPR #privacy #cybersecurity