Article 25 GDPR (Data Protection By Design And By Default)

Article 25 of GDPR: Privacy and data protection by design 

One important obligation stemming from GDPR is the concept of data privacy and data protection by design.

Article 25 of GDPR sets the stage for companies to consider data privacy and data protection in all aspects of their business, from product development and operations through to the rendering of their services.

Data minimisation and pseudonymisation (Article 25(1) GDPR)

To observe the obligations of Article 25(1) of GDPR, companies are required to incorporate principles like data minimisation and measures like pseudonymisation designed to protect personal data.

Such principles should be implemented:

  1. When the company determines the personal data processing means
  2. At the time of personal data processing

To determine the technical and organisational measures most appropriate for implementing data minimisation, an organization should take into consideration:

  1. The state of the art
  2. Cost of implementation
  3. Nature of processing
  4. Scope of processing
  5. Context of processing
  6. Purpose of processing
  7. Risks to data subjects

Collect only the personal data necessary (Article 25(2) GDPR)

By default, companies should only collect personal data necessary for the intended purpose.

There should be no other personal data processing.

To achieve this objective by default, companies must put processes and procedures in place to collect only the needed personal data.

Such measures should apply to:

  1. The amount of personal data collected
  2. The extent of personal data processing
  3. The period of time personal data will be stored
  4. The accessibility to the personal data

Lastly, companies should make sure that, by default, personal data is not made accessible to others without the individual’s intervention.

Approved certifications (Article 25(3) GDPR)

To demonstrate that it complies with its obligation of data privacy and data protection by design, a company can opt for an approved certification mechanism pursuant to Article 42 of GDPR.

Recitals applicable to Article 25 of GDPR

Relevant Recitals: 78

Cited Legislation in Article 25 or relevant recitals

None

GDPR Text: Article 25 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679)

Editorial Staff