Article 25 GDPR (Data Protection By Design And By Default)

Article 25 of GDPR: Privacy and data protection by design 

One important obligation stemming from GDPR is the concept of data privacy and data protection by design.

Article 25 of GDPR sets the stage for companies to consider data privacy and data protection in all aspects of their business, including product development and their operations all the way to the rendering of their services.

Data minimisation and pseudonymisation (Article 25(1) GDPR)

To observe the obligations of Article 25(1) of GDPR, companies are required to incorporate principles like data minimisation and measures like pseudonymisation designed to protect personal data.

Such principles should be implemented:

  1. When the company determines the personal data processing means
  2. At the time of personal data processing

To determine the most appropriate technical and organisational measures for implementing data minimisation, an organization should take into consideration:

  1. The state of the art
  2. Cost of implementation
  3. Nature of processing
  4. Scope of processing
  5. Context of processing
  6. Purpose of processing
  7. Risks to data subjects

Collect only the personal data necessary (Article 25(2) GDPR)

By default, companies should only collect personal data necessary for the intended purpose.

There should be no other personal data processing.

To achieve this objective by default, companies must put processes and procedures in place to collect only the needed personal data.

Such measures should apply to:

  1. The amount of personal data collected
  2. The extent of personal data processing
  3. The period of time personal data will be stored
  4. The accessibility to the personal data

Last, companies should make sure that, by default, personal data is not made accessible to others without the individual’s intervention.

Approved certifications (Article 25(3) GDPR)

To demonstrate that a company complies with its obligation of data privacy and data protection by design, it can opt for an approved certification mechanism further to Article 42 of GDPR.

Recitals applicable to Article 25 of GDPR

Relevant Recitals: 78

Cited Legislation in Article 25 or relevant recitals

None

GDPR Text: Article 25 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679)

Editorial Staff