European Data Protection Board published the final version of the EDPB Guidelines
Following public consultation, the EDPB adopted a final version of the Guidelines on Data Protection by Design & Default. The guidelines focus on the obligation of Data Protection by Design and by Default (DPbDD) as set forth in . The core obligation enshrined in Art.25 is the effective implementation of the data protection principles and data subjects’ rights and freedoms by design and by default. This means that controllers have to implement appropriate technical and organisational measures and the necessary safeguards, designed to ascertain data protection principles in practice and to protect the rights and freedoms of data subjects. In addition, controllers should be able to demonstrate that the implemented measures are effective.
The Guidelines also contain guidance on how to effectively implement the data protection principles in Article 5 GDR, listing key design and default elements, as well as practical cases for illustration. They further provide recommendations on how controllers, processors and producers can cooperate to achieve DPbDD.
The final guidelines integrate updated wording and further legal reasoning in order to address comments and feedback received during the public consultation.
