Security by Design and Security by Default

Companies/organisations are encouraged to implement technical and organisational measures, at the earliest stages of the design of the processing operations in such a way that safeguards privacy and data protection principles right from the start (‘data protection by design’).

By default, companies/organisations should ensure that personal data is processed with the highest privacy protection (for example only the data necessary should be processed, short storage period, limited accessibility) so that by default personal data isn’t made accessible to an indefinite number of persons (‘data protection by default’).