Privacy by Design with GDPR EU Regulations

Privacy by Design is described by Wikipedia as ‘not about data protection’ but instead ‘designing so data doesn’t need protection’, with the ‘root principle based on enabling service without data control transfer from the citizen to the system’.

For example, GPS on your mobile can detect its geographical location without giving that data or your identity away.

What does privacy by design mean in the context of the GDPR?

Privacy by design is a new regulation for the EU, within the GDPR. The EU Data Protection Directive does not refer to the concept. This means that data controllers will have to take the necessary actions to protect personal data until GDPR comes into force in May 2018.

What does GDPR state? Paragraphs 1 and 2 of Article 25 outline Data Protection by Design and Data Protection by Default.

  • Firstly, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.
  • Secondly, the controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.

Companies that do not implement privacy by design (such as social media companies) may also have a big difference between their privacy policies and their privacy controls.

In 2016, WhatsApp may have shown this difference when updating their Terms and Conditions. Users had to agree to share their personal data with Facebook companies, and many wouldn’t have seen the option to opt out, which was hidden alongside the sharing of their WhatsApp data to improve ‘Facebook ad targeting and product experiences.’

What are the principles of privacy by design?

The ICO gives us a nice initial summary, encouraging “organisations to ensure that privacy and data protection is a key consideration in the early stages of any project, and then throughout its lifecycle. For example when:

  • building new IT systems for storing or accessing personal data;
  • developing legislation, policy or strategies that have privacy implications;
  • embarking on a data sharing initiative; or
  • using data for new purposes.”

Key points

  • Proactive not reactive; preventative not remedial
  • purpose specification – explaining to users how personal data is collected, processed, retained and disclosed.
  • collection limitation – fair, lawful and limited to that which is necessary (also applies to data processing, retention and disclosure).
  • data minimization – non-identifiable interactions and transactions as default. Wherever possible, identifiability of personal information should be minimized.

Users should be aware of their right to:

  • prevent processing for direct marketing;
  • object to decisions being taken by automated means;
  • claim compensation for damages caused by a breach of the Act.

Respect for User Privacy

Privacy by design will ensure companies obtain marketing consent from users.

  • Privacy Policy will be separate from other terms and conditions;
  • without pre-ticked boxes – i.e. the user must actively tick to opt-in;
  • granular – with separate consent for different types of processing;
  • your organisation and any third parties who will be relying on consent should be named;
  • reversible – tell people they have the right to withdraw and detail how to do it.

How Will the EU Enforce Privacy By Design?

The GDPR states that voluntary and transparent certification will be available through the appropriate certification body. It is not clear who this would be.

Although privacy by design is still an unclear concept, and may seem insignificant when compared to other parts of GDPR, it is obvious that organisations need to commit to privacy by design. This commitment will show that organisations are working towards full compliance.
