Demo anfordern
mail@virtual-solution.com
+49 89 30 90 57-0
Kontakt
Logo Materna Virtual Solution

Privacy by design & privacy by default

Blog, Data protection

“Privacy by design” and “privacy by default” are closely linked. Read here to find out how you can minimize the risk of data breaches by using these two concepts, what you need to consider as a company and how Privacy by Design is implemented at Materna Virtual Solution:

What is privacy by design?

Privacy by design is very topical, especially with regard to the GDPR, although its origins date back to the 1990s. In principle, privacy by design means that data protection and privacy are incorporated before and during the development and design of products, services or applications such as apps. In contrast, in many solutions, data protection is only incorporated retrospectively and is therefore not part of the design process. The risk of data protection violations should be reduced to a minimum through privacy by design.

What is privacy by default?

Privacy by default refers to the privacy of users. The default settings of solutions should always be data protection-compliant, meaning that the user should not have to actively take care of their right to privacy or data protection. This is because it cannot be assumed that all users have sufficient IT knowledge to make the appropriate settings.

On the other hand, this principle also includes the principle of data minimization, i.e. collecting as little data as possible and protecting it as well as possible, for example through encryption. Furthermore, data must not be collected without a specific purpose.

Privacy by design & GDPR

The GDPR explicitly mentions privacy by design and privacy by default in Article 25 as “data protection by design and by default“. Non-compliance can result in high fines of up to 20 million euros or 4% of the company’s global turnover.

The GDPR therefore stipulates the use of technical and organizational measures (TOMs for short) that companies must implement and document in order to ensure privacy by design. However, no standard solutions or procedures are specified, but the following points must generally be observed:

  • Data minimization
  • Pseudonymization of personal data
  • Monitoring the processing of personal data by the user
  • Transparency with regard to the function and processing of personal data
  • Creating and improving security functions

Data protection must not only be a top priority for the company’s data protection officer, but also for all other employees who are involved in the selection or development of IT solutions and/or who work with personal data.

Zurück zur Übersicht
Previous Post
Corporate Owned, Personally Enabled (COPE) – what companies need to know
Next Post
Data protection is like washing your hands