Show simple item record

dc.contributor.authorALMADA, Marco
dc.contributor.authorMARANHÃO, Juliano
dc.contributor.authorSARTOR, Giovanni
dc.identifier.citationIndra SPIECKER GEN. DÖHMANN; Vagelis PAPAKONSTANTINOU; Gerrit HORNUNG and Paul DE HERT (eds), General data protection regulation : article-by-article commentary, Baden-Baden; München; Oxford : Nomos; Beck; Hart Publishing, 2023, pp. 580-601en
dc.description.abstractArt. 25 introduces two general data protection requirements: data protection by design (Art. 25 para. 1) and data protection by default (Art. 25 para. 2). Data protection by design requires that data controllers adopt appropriate technical and organizational measures and necessary safeguards to implement data protection principles, protect the rights of data subjects, and meet the requirements imposed by the GDPR. Data protection by default requires that data controllers adopt measures to ensure that each processing operation is limited to what is necessary, under normal circumstances, to the purposes of the processing, as long as no justified specific initiative to the contrary is adopted.The two principles are connected; and indeed, data protection by default has been viewed as a specific aspect of a proactive/risk-prevention approach to data protection, often identified under the term “privacy by design.” Such principles are based on the idea that data protection should be built into the very structure of information systems, the latter being understood as sociotechnical systems, in which machines and humans are integrated through organisational arrangements. This explains why the measures at stake may be technical, such as pseudonymisation or anonymisation, as well as organisational, such as the adoption of specific training for personnel involved in processing operations. Both principles are based on the idea that the functioning of an information system – and, in particular, the way in which it affects data subjects – primarily depends on its architecture. Effective protection can only be guaranteed if risk prevention measures are adopted during design and deployment.en
dc.publisherNomos; Beck; Hart Publishingen
dc.titleArt. 25. Data protection by design and by defaulten
dc.typeContribution to booken

Files associated with this item


There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record