- EDPB publishes guidelines on data protection by design and by default
- Who is the target audience?
- What are the data protection by design obligations?
- What are technical and organisational measures?
- How should safeguards be used?
- What is meant by ‘state of the art’?
- How is the issue of cost approached?
- What are the data protection by default obligations?
- How should data protection principles be implemented?
- How should processing operations be certified?
- When does the consultation period end?
Information Law Analysis: On 20 November 2019, the European Data Protection Board (EDPB) published its draft guidelines on the principles of Data Protection by Design and Default (the Guidelines) under Article 25 of the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). The Guidelines were adopted on 13 November 2019 in the EDPB’s fifteenth plenary session. They give general guidance on the interpretation of the obligations of data protection by design and by default. In addition to covering these principles, the Guidelines also cover certification mechanisms for demonstrating compliance with Article 25 of the GDPR and enforcement by supervisory authorities. Matthew Buckwell, Ruth Boardman and Ariane Mole of Bird & Bird LLP explain the latest developments.
Sign in or take a trial to read the full analysis.
To continue reading this news article, as well as thousands of others like it, sign in to LexisPSL or register for a free trial