Data protection by design and default is an approach that requires appropriate technical and organisational measures to implement data protection principles effectively and to safeguard an individual's rights from the early stages of planning a process or project, through to the end. The benefits of this approach include the identification of privacy issues at an early stage and increased awareness of data protection and forms part of the focus on accountability. The Data Protection Act 2018 (DPA 2018) [1] and the UK General Data Protection Regulations (UK GDPR) [2] makes processing by design and default a legal requirement.
The Information Commissioner's Office has further advice:
Data Protection by Design and Default
Ensure that data protection by design and default are key considerations whenever you establish or amend processes that deal with the processing of personal data.