Privacy by design and privacy by default

The GDPR states that organisations must apply privacy by design and privacy by default. What do institutions have to take into account, and how can they ensure their compliance? SURF is examining this in various projects.

Privacy by design

Privacy by design means that privacy aspects are already taken into account during the development of products and services (such as information systems). This can be done, for example, by incorporating extra (technical) measures during the process in order to protect personal data. These measures are also referred to as Privacy Enhancing Technologies (PET).

Privacy by default

Privacy by default means that you offer users systems and products with the highest possible privacy settings. Users can then decide to adjust these settings themselves in order to offer more information.

Current projects

SURF is working with Privacy Company on privacy by design in order to create a tool that provides insight into the principles of privacy by design. We are working on a knowledge portal to support education organisations in the Netherlands. This new portal makes the knowledge, insights and solutions with respect to privacy accessible for privacy-conscious innovation both online and offline. The project is supported by the SIDN fund and will start in 2018.

SURF will soon research the various Privacy Enhancing Technologies.

Latest modifications 20 Sep 2018