What is Privacy by Design?

The Privacy by Design principles were created by Ann Cavoukian in the 1990s and became an international standard in 2010. The two principles most discussed today are privacy as the default setting and privacy embedded into design. In 2015 ENISA published a document that gives deeper, more technical guidelines for implementing them.
Privacy by Design was created for the technical design of products; the concept nonetheless inspired the GDPR's Data Protection by Design and by Default, which covers all collection and processing of personal data across the whole organisation.

Privacy by design is based on 7 principles:

  1. Proactive not reactive; preventive not remedial
  2. Privacy as the default setting
  3. Privacy embedded into design
  4. Full functionality – positive-sum, not zero-sum
  5. End-to-end security – full lifecycle protection
  6. Visibility and transparency – keep it open
  7. Respect for user privacy – keep it user-centric
