At a glance

  • Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities.
  • Privacy by design has always been an implicit requirement of data protection that the ICO has consistently championed.
  • The ICO has published guidance on privacy by design. We are working to update this guidance to reflect the provisions of the GDPR. In the meantime, the existing guidance is a good starting point for organisations.