
European Data Protection Board Adopts Guidelines on Data Protection by Design and Default

On October 20, 2020, the European Data Protection Board (EDPB) conducted its 40th plenary session. During the session, the EDPB adopted a final version of the Guidelines on Data Protection by Design & Default. The final guidelines will integrate updated wording and further legal reasoning into the draft published in November of 2019 in order to address comments and feedback received during the public consultation.

The guidelines focus on the effective implementation of the data protection principles and data subjects’ rights and freedoms by design and by default as set forth in Article 25 of the GDPR. Data protection by design and by default (DPbDD) means that data controllers have to implement appropriate technical and organizational measures and the necessary safeguards, designed to implement data protection principles in practice and to protect the rights and freedoms of data subjects. In addition, controllers should be able to demonstrate that the implemented measures are effective. Although DPbDD is one of the fundamental GDPR concepts, many organizations are struggling to implement it in practice.

The Guidelines also contain guidance on how to effectively implement the data protection principles set forth in Article 5 of the GDPR (“Principles relating to processing of personal data”), listing key design and default elements, as well as practical cases for illustration. They further provide recommendations on how controllers and processors can cooperate to achieve DPbDD.

In addition to adopting the guidelines, the EDPB at the plenary session also set up a Coordinated Enforcement Framework which will provide a structure for coordinating recurring annual activities by the European Supervisory Authorities. The objective of the framework is to facilitate joint actions in a flexible and coordinated manner, ranging from joint awareness raising and information gathering to enforcement sweeps and joint investigations. The purpose of recurring annual coordinated actions is to promote compliance, to empower data subjects to exercise their rights, and to raise awareness.

Ask Clarip today how we can solve your biggest privacy compliance pain points. Call Clarip at 1-888-252-5653.
