
What is ‘Privacy by Design’?

With the GDPR coming into force in May 2018, more and more businesses understand the need to keep the personal and confidential data of their customers, employees and partners safe. In the era of “big data” this has become extremely challenging. A risk-based methodology for identifying digital vulnerabilities and closing privacy gaps is becoming essential.


A proven and validated ability to secure and protect digital data, both your own and your customers’, is gradually being accepted as a business essential that brings a competitive advantage.

Once you have made sure that the controls are implemented and that the information you process and store is secure, having your privacy practices well defined can take your privacy and security posture to the next level.

Privacy by design is a framework which incorporates privacy into the design and the operation of IT systems, networked infrastructure, and business practices.

Below are the 7 Foundation Principles of Privacy by Design:

  • Proactive not reactive – anticipate, identify and prevent invasive events before they happen. This means taking action before the fact, not afterwards.
  • Lead with privacy as the default setting – ensure that personal data is automatically protected in all IT systems and business practices.
  • Embed privacy into design – privacy measures should not be add-ons, but fully integrated components of the system.
  • Retain full functionality – Privacy by Design employs a “win-win” approach to all legitimate system design goals. This means that both privacy and security are important, and there is no need for unnecessary trade-offs to be made.
  • Ensure end-to-end security – data lifecycle security means all data should be securely retained as needed and destroyed when no longer needed.
  • Maintain visibility and transparency – assure stakeholders that business practices and technologies are operating according to objectives and are subject to independent verification.
  • Respect user privacy & keep it user friendly – keep things user-centric; individual privacy interests must be supported by strong privacy defaults.


Data protection is a fundamental part of technological development and of the way a product or service is delivered. GDPR doesn’t specify how changes should be implemented, but for many organisations adopting a privacy by design approach will require a significant culture change. If you want to know more about GDPR, how it applies to your organisation and what steps you must take to meet the legislation’s requirements, start with GDPRQ Gap analysis – a crucial first step on the path to compliance.


Website last modified: 2019.03.08