Data protection by design & default

Copyright © 2026 LexisNexis

Organisations often overlook data protection by design and default (DPbDD) when they are considering their UK GDPR compliance obligations. This is understandable, as DPbDD is an intangible, all-pervading concept that can be difficult to translate into specific actions, particularly compared to other discrete requirements of the UK General Data Protection Regulation (UK GDPR). However, there is a dedicated section in the UK GDPR about DPbDD (Article 25) and extensive guidance published by the Information Commissioner’s Office (ICO).

In essence, DPbDD involves considering data protection and privacy issues upfront in everything you do. This means you have to integrate data protection into your processing activities and business practices, from the design stage right through the lifecycle.

UK GDPR requirements

DPbDD is a general concept of the UK GDPR regime, but also a specific requirement under Article 25 of Assimilated Regulation (EU) 2016/679 (UK GDPR):

  1. Article 25(1) contains the data protection by design obligation

  2. Article 25(2) covers data protection by default

This is supplemented by Recital 78, although much of this repeats the substantive content in Article 25.

The UK GDPR can be difficult

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Practice Compliance News

Practice Compliance weekly highlights—9 April 2026

This week's edition of Practice Compliance weekly highlights includes the ICO's updated UK GDPR lawful basis guidance introducing a seventh lawful...

Government updates guidance on creating an action plan to reduce the gender pay gap and provide menopause support

The Government Equalities Office, Office for Equality and Opportunity, and Women and Equalities Unit have published updated guidance on creating...

Abuse of the right of access and causality (Brillen Rottler)

EU Law analysis: The Court of Justice has delivered a ruling in Brillen Rottler regarding the boundaries of the right of access under Article 15 of...

ICO updates UK GDPR lawful basis guidance following Data (Use and Access) Act

The Information Commissioner's Office (ICO) has updated its UK General Data Protection Regulation (GDPR) lawful basis guidance to reflect the...

View Practice Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin

Template for regulatory references given by SMCR firms and disclosure requirements

Template for regulatory references given by SMCR firms and disclosure requirements[Insert addressee details]Dear [insert name][It is our understanding that [insert name of prospective employee] [was an employee of yours between the dates of [insert dates as appropriate] OR is a current employee of
If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Glossary—Latin legal terms

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin

Template for regulatory references given by SMCR firms and disclosure requirements

Template for regulatory references given by SMCR firms and disclosure requirements

Template for regulatory references given by SMCR firms and disclosure requirements[Insert addressee details]Dear [insert name][It is our understanding that [insert name of prospective employee] [was an employee of yours between the dates of [insert dates as appropriate] OR is a current employee of