Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.



Data Protection by design

PrintMailRate-it

​​​​​​​published on 25 November 2024 | reading time approx. 3 minutes


One of the key concepts for any project planning under the GDPR is data protection by design. All companies must guarantee that the processing of personal data aligns with the principle of data protection by design. However, to comply with this principle and process personal data lawfully, avoiding data breaches, it is essential to comprehend the underlying meaning and objectives of the principle.

The concept of data protection by design entails the implementation of technical and organisational measures at the initial stages of data processing. This approach ensures that the fundamental principles of data protection are duly respected from the outset and that potential risks are promptly addressed. The underlying objective is to prevent data breaches and other violations of privacy regulations.

As an example of data protection by design is the use of pseudonymization. It involves the removal of contextual elements so that data can no longer be linked to a specific person, which helps to protect data subjects. The use of encryption is a good practice to keep data secure. In the event of a data breach, the company may need to justify why the data has not been encrypted. 

The implementation of Data Protection Impact Assessments (DPIAs) is also a good example of data protection by design. The purpose of the DPIA process is to provide assurance that controllers as well as processors adequately address the privacy and data protection risks associated with their processing activities. This principle is based on the early identification of potential risks to personal data and the development of mechanisms to address them.

When personal data are not yet processed, but only when activities are planned, the company must be aware of the data that will be processed and the manner in which this will be done. The company is also obliged to assess and eliminate the risks of processing in advance, i.e. to take preventive action. Instead of dealing with existing problems, the company must be aware of all possible risks and take steps to avoid possible infringements of personal data. A key aspect of data protection by design is adopting a proactive rather than a reactive approach to data protection. Rather than focusing on what a company must do in the event of a breach, data protection by design focuses on mitigating the risks of data breaches.

It should be stressed that such advance preparation for the processing of personal data helps to ensure that the processing is carried out in compliance with the law, as well as being financially beneficial for the company itself, as it can be problematic and costly to change established processing processes at a later stage.

It is important that the measures taken by the company are effective, i.e. that the actions taken achieve real results. As the regulation does not specify specific measures to be taken, it is up to the company to develop them based explicitly on this effectiveness criteria, based on the potential risks. Consequently, the GDPR provides companies with the freedom to choose the most appropriate measures for each company, ensuring maximum effectiveness in the specific circumstances. It should be emphasized that data protection by design should be implemented from the moment a company has a plan for new processing activities. However, it shall not be forgotten that the tools and measures developed at this stage should also be evaluated during the processing thereof to make sure that they are still effective and achieve the data protection objective.

 DATA PROTECTION BITES

AUTHOR

Contact Person Picture

Staņislavs Sviderskis

Assistant Attorney at Law, Cyber & Information Security Expert

Senior Associate

+371 6733 8125

Invia richiesta

 RÖDL & PARTNER LATVIA

Discover more about our offices in Latvia. 
Deutschland Weltweit Search Menu