Privacy by Design
What is Privacy by Design?
Privacy by Design: An engineering and governance approach that embeds privacy considerations into systems, processes, and defaults from the earliest design stages rather than bolting them on later.
Privacy by Design (PbD), articulated by Ann Cavoukian and codified in GDPR Article 25 as "data protection by design and by default," is built on principles such as proactive prevention, privacy as the default setting, end-to-end protection, full lifecycle visibility, and respect for user rights. In practice, teams perform threat modeling for personal data, integrate Data Protection Impact Assessments, apply minimization, pseudonymization, encryption, and least privilege, and document choices in records of processing. PbD complements security-by-design and aligns with NIST Privacy Framework, ISO/IEC 27701, and OECD guidelines, helping organizations avoid costly retrofits and reduce regulatory and reputational risk.
● Examples
- 01 Defaulting a new SaaS account to the most privacy-protective sharing settings.
- 02 Requiring a privacy review and DPIA before any new pipeline handling biometric data is shipped.
● Frequently asked questions
What is Privacy by Design?
An engineering and governance approach that embeds privacy considerations into systems, processes, and defaults from the earliest design stages rather than bolting them on later. It belongs to the Privacy & Data Protection category of cybersecurity.
What are other names for Privacy by Design?
Common alternative names include: Data Protection by Design, Privacy by Default.
● Related terms
- Privacy Impact Assessment (PIA) (privacy, № 857): A structured process to identify, evaluate, and mitigate privacy risks of a system, project, or data-processing activity before it goes live.
- Data Minimization (privacy, № 280): A privacy principle requiring organizations to collect, process, and retain only the personal data that is strictly necessary for a defined, lawful purpose.
- Data Classification (privacy, № 276): The process of labeling data by sensitivity and value so that the right protection, handling, and retention controls can be applied consistently.
- Consent Management (privacy, № 210): The processes and tooling used to collect, record, refresh, and honor user permissions for processing personal data and setting cookies, in line with privacy law.
- GDPR (compliance, № 440): The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.
- Pseudonymization (privacy, № 875): A technique that replaces direct identifiers in personal data with reversible aliases, so that the data can no longer be attributed to an individual without additional, separately kept information.
● See also
- № 286 Data Subject Access Request (DSAR)
- № 932 Right to Be Forgotten
- № 284 Data Retention
- № 283 Data Residency
- № 285 Data Sovereignty
- № 692 Mobile App Permissions
- № 228 CPRA
- № 826 PIPEDA