One of the best ways to avoid getting into tangles with data protection law compliance further down the track is to integrate privacy measures into your organisation and its practices from the start. Not only will this help you follow data protection best practice, but the law also requires you to do it.
The legal obligation to put measures in place comes from Article 25 of the UK GDPR (the UK’s main data protection law), which requires that companies have ‘appropriate measures to implement the data protection principles, and safeguard data’. These measures should be put in place when the means of the processing are determined (in other words, when a company is in its development stage) and at the time of the processing itself.
The law divides approaches to privacy measures into two concepts: data protection by ‘design’ and data protection by ‘default’.
Interested in finding out more? Read the full article on CUBE by Lewis Silkin - Data Protection by Design and Default.
Privacy by design and default is best achieved when your entire team is on the same page about the privacy principles.