Privacy by Default

Privacy by default means “ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed” (Art. 25, No. 2, EU GDPR).

“That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.”

This means that by default you should not collect more information than you need. Furthermore you should only save this information as longs as you need it. However, other regulations may require you to collect further information or store the information longer.

« Back to Glossary Index