Privacy by default
Also known as: data protection by default
Privacy by default (also called data protection by default) requires controllers to implement appropriate technical and organisational measures to ensure that, by default, only personal data necessary for each specific purpose of processing is collected, used, stored, and accessed. The default settings of any product or service must be the most privacy-friendly option. Users should not have to actively opt out to get privacy protection.
DPA reference
Data Protection Act 2020
Related terms in Obligations
Anti-money laundering
Legal obligations requiring firms to detect and report financial crime.
Conflict of interest
A situation where a professional's duty to one client may be compromised by duties to another party.
Data breach notification
The legal requirement to report personal data breaches to the OIC within 72 hours.
Data minimisation
The principle that personal data collected should be limited to what is necessary for the stated purpose.