103 Data protection by design

103  Data protection by design

(1)     Where a controller proposes that a particular type of processing of personal data be carried out by or on behalf of the controller, the controller must, prior to the processing, consider the impact of the proposed processing on the rights and freedoms of data subjects.

(2)     A controller must implement appropriate technical and organisational measures which are designed to ensure that—

(a)     the data protection principles are implemented, and

(b)     risks to the rights and freedoms of data subjects are minimised.

Popular documents