Security by Design and Security by Default

Companies and organisations are encouraged to implement technical and organisational measures at the earliest stages of the design of the processing operations, in a way that safeguards privacy and data protection principles right from the start (‘data protection by design’).

Companies and organisations should ensure that personal data is always processed with the highest privacy protection (for example only the data necessary should be processed, short storage period, limited accessibility) so that personal data isn’t made accessible to an indefinite number of persons (‘data protection by default’).