Contact
The Regulation introduces the principles of privacy through data protection by design and by default.
This means that the controller must, both when determining the means for processing and at the time of the processing itself, apply appropriate technical and organisational measures designed to effectively implement data-protection principles and integrate necessary safeguards into the processing in order to meet GDPR requirements.
The controller must therefore apply appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility.