| Commentary

(b) Data protection by design

| Commentary

(b)     Data protection by design

Employers are required to ensure data protection by design and default in an effective manner in everything they do (UK GDPR art 25). This means that the measures employers put in place must: (a) be designed to implement the data protection principles; and (b) by default only process personal data which is necessary for each specific purpose of the processing and is not made widely available to the public without the data subject's intervention. In other words, employers must embed data protection into all of their business practices and data-processing activities, from start (design

To continue reading
Analyse the law and clarify obscure passages all within a practical context.