Home Privacy Law GDPR Article 25 GDPR (Data Protection By Design And By Default)

Article 25 GDPR (Data Protection By Design And By Default)

Article 25 of GDPR: Privacy and data protection by design 

One important obligation stemming from GDPR is the data privacy and data protection by design concept.

Article 25 of GDPR sets the stage for companies to consider data privacy and data protection in all aspects of their business, including product development and their operations all the way to the rendering of their services.

Data minimisation and pseudonymisation (Article 25(1) GDPR)

To observe the obligations of Article 25(1) of GDPR, companies are required to incorporate principles like data minimisation and measures like pseudonymisation designed to protect personal data.

Such principles should be implemented:

  1. When the company determines the personal data processing means
  2. At the time of personal data processing

To determine the most appropriate technical and organisational measure suitable to implement data minimisation measures, an organization should take into consideration:

  1. The state of the art
  2. Cost of implementation
  3. Nature of processing
  4. Scope of processing
  5. Context of processing
  6. Purpose of processing
  7. Risks to data subjects

Collect only the personal data necessary (Article 25(2) GDPR)

By default, companies should only collect personal data necessary for the intended purpose.

There should be no other personal data processing.

To achieve this objective by default, companies must implement processes and procedures in place to only collect the needed personal data.

Such measures should apply to:

  1. The amount of personal data collected
  2. The extent of personal data processing
  3. The period of time personal data will be stored
  4. The accessibility to the personal data

Last, companies should make sure that, by default, personal data is not made accessible to others without the individual’s intervention.

Approved certifications (Article 25(3) GDPR)

To demonstrate that a company complies with its obligation of data privacy and data protection by design, it can opt for an approved certification mechanism further to Article 42 of GDPR.

Recitals applicable to Article 25 of GDPR

Relevant Recitals: 78

GDPR Regulation article-by-article overview

Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.

Cited Legislation in Article 25 or relevant recitals

None

GDPR Text: Article 25 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)

Editorial Staff
Hello Nation! I'm a lawyer by trade and an entrepreneur by spirit. I specialize in law, business, marketing, and technology (and love it!). I'm an expert SEO and content marketer where I deeply enjoy writing content in highly competitive fields. On this blog, I share my experiences, knowledge, and provide you with golden nuggets of useful information. Enjoy!

Most Popular

What Is A Private Placement (Explained: All You Need To Know)

What Is A Private Placement (Explained: All You Need To Know)

Offering Memorandum (Explained: All You Need To Know)

Offering Memorandum (Explained: All You Need To Know)

Financial Services Industry (Explained: All You Need To Know)

Financial Services Industry (Explained: All You Need To Know)

Transporation Industry (Explained: All You Need To Know)

Transportation Industry (Explained: All You Need To Know)

What Is A First Look Deal (Explained: All You Need To Know)

What Is A First Look Deal (Explained: All You Need To Know)

Editor's Picks

Florida UCC Search (How It Works: All You Need To Know)

Florida UCC Search (How It Works: All You Need To Know)

Other Insurance Clause (Overview: All You Need To Know)

Other Insurance Clause (Overview: All You Need To Know)

What Time Is Evening (Explained: All You Need To Know)

What Time Is Evening (Explained: All You Need To Know)

Utah Secretary of State (What All Businesses Should Know)

Utah Secretary of State (What All Businesses Should Know)

Partnership distribution (Overview: All You Need To Know)

Partnership distribution (Overview: All You Need To Know)