GDPR Glossary Also known as: privacy by design, privacy by default
Building data protection into systems from the outset, and defaulting to the most privacy-friendly settings.
Data protection by design means embedding safeguards — like minimisation and pseudonymisation — into processing from the very start, not bolting them on later.
By default, only the personal data necessary for each specific purpose should be processed, with the most privacy-protective settings applied automatically.
In the Regulation
Related terms
PseudonymisationReplacing identifying fields with a pseudonym so data can't be attributed to a person without separately-kept extra information.Data minimisationCollect only the personal data you actually need for your purpose — no more.Data Protection Impact AssessmentA structured risk assessment you must run before high-risk processing, to identify and reduce privacy risks.
Need this applied to your business?
Our data-protection lawyers turn GDPR terms into a working plan.