Insights & news

EDPB Guidelines on Data Protection by Design and by Default

  • 03/12/2019
  • Articles

On 13 November 2019, the European Data Protection Board (EDPB) published draft guidelines (the Guidelines) on the principle of “Data Protection by Design and by Default” set out under Article 25 of the General Data Protection Regulation (GDPR). The Guidelines explain how controllers must ensure that they effectively implement the “data protection principles and data subjects’ rights and freedoms by design and by default” during the design and life cycle of processing activities.

The EDPB underlines that Data Protection by Design and Default is a requirement for all controllers, independent of their size. The examples contained in the Guidelines illustrate the broad range of processing activities to which this principle applies: from setting up membership administration to buying customer relationship management (CRM) software; designing online order forms; improving effectiveness of deliveries (through tracking employees); deciding on loan applications as a financial institution; or using artificial intelligence to profile customers. However, the complexity of implementing this principle will vary based on the individual processing operation. In this regard, the principle of Data Protection by Design and Default is coherent with the “risk-based approach” underlying the GDPR. 

Please click below for a short client memorandum on these guidelines. 


Key contacts

Related practice areas

Related insights

Sign up for updates
    • 16/03/2020
    • Newsletters

    VBB on Belgian Business Law, Volume 2020, No. 2

    The February 2020 issue of our Belgian Business Law newsletter reporting on the latest developments in a range of areas, including competition, data protection, intellectual property and labour law.

    Read more
    • 12/03/2020
    • Articles

    European Commission Presents Digital Strategy on Data and Artificial Intelligence

    On 19 February 2020, the European Commission published its white paper on artificial intelligence (AI) – “A European approach to excellence and trust” (the White Paper). According to the White Paper, in simple terms, AI is a collection of technologies that combine data, algorithms and computing power for the benefit of citizens, businesses and the public interest in general. In essence, the White Paper sets out policy options on how to achieve a balance between encouraging the uptake of AI while addressing the associated risks through potential regulation. On the same day as the publication of its white paper on artificial intelligence, the European Commission unveiled a new European data strategy. With this five-year plan, the Commission wants to create a single European data space, which is a single market for data that will be open to data from across the world. The European data strategy and the white paper on artificial intelligence are the first pillars of broader policy initiatives that involve a digital strategy and a framework for the development of Artificial Intelligence.

    Read more
    • 04/03/2020
    • Articles

    EDPB Urges Companies to Conduct Data Protection Assessment Ahead of Merger

    The European Data Protection Board (EDPB) has issued a statement on the privacy implications of mergers in view of Google LLC’s intention to acquire Fitbit, Inc. The EDPB is concerned that Google would gain too much control over people’s health and wellness data potentially leading to an unfair advantage over other companies.

    Read more

Subscribe to our updates

Please select the practice areas you are interested in: *