Data protection by design
Data protection by design requires controllers to implement appropriate technical and organisational measures designed to implement data protection principles, both at the time of designing processing operations and during the processing itself. This includes applying data minimisation, pseudonymisation, and purpose limitation from the outset. It reflects the principle that privacy should be a default feature of systems, not a retrofit.
DPA reference
Data Protection Act 2020
Related terms in Obligations
Anti-money laundering
Legal obligations requiring firms to detect and report financial crime.
Conflict of interest
A situation where a professional's duty to one client may be compromised by duties to another party.
Data breach notification
The legal requirement to report personal data breaches to the OIC within 72 hours.
Data minimisation
The principle that personal data collected should be limited to what is necessary for the stated purpose.