Mandated by the General Data Protection Regulation, DPbDD is a core obligation of data controllers and data processors to ensure effective implementation of data protection principles and data subjects’ rights and freedoms. The controllers are required to implement appropriate technical and organisational measures and necessary safeguards and are obliged to demonstrate the effectiveness of implemented measures.

Sources: EDPB Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Adopted on 13 November 2019