Establishing Privacy by design and default

The GDPR requires organisations to embed the prioritisation of data protection in all areas of work, not treat it as a bolt-on at the last stage of a new development.

This means any new policies, procedures, IT purchases, and projects must be organised and designed such that they have the protection of personal data, and adherence to the principles of the GDPR, at their heart.

All policies will have to explain how personal data is processed.