Privacy by Design


      Privacy by design means that the privacy protection rules are taken into account already when IT systems and procedures are designed.

      To comply with the Privacy by design demands, who is stated in article 25 GDPR, the controller needs to implement appropriate technical and organisational measures. This needs to be considered both when the controller determines the means of the processing and at the time of the processing itself.

      For example, these measures could be to implement pseudonymisation functions or other necessary safeguards like malware protection or firewalls to protect personal data.