What Is Data Protection by Design and by Default?
Data Protection by Design and by Default is the obligation to build privacy safeguards into systems from the outset and to default to the most privacy-protective settings.
Data Protection by Design and by Default — the obligation to build privacy safeguards into systems from the outset and to default to the most privacy-protective settings.
Rather than bolting privacy on afterwards, this principle (GDPR Article 25) requires data protection to be considered at the design stage and reflected in default configurations. For AI, it means thinking about data minimisation, purpose limitation, and safeguards before a system is built — not after a problem emerges.
Source: GDPR, Article 25
Plain-language explanation
Rather than bolting privacy on afterwards, this principle (GDPR Article 25) requires data protection to be considered at the design stage and reflected in default configurations. For AI, it means thinking about data minimisation, purpose limitation, and safeguards before a system is built — not after a problem emerges.
Related terms
See where you stand on AI governance
Take the free 7-question maturity assessment and get a personalised action plan.
Free assessment — 3 minutes →