Privacy by design and default

Privacy by design and default have always been implicit requirements of data protection legislation.


GDPR enshrines both the principle of "privacy by design" and the principle of "privacy by default" in law.

  • Privacy by design is where privacy is considered from the initial concept and design of any activity, process or product that involves data processing (e.g. a research project) and throughout its lifecycle to its conclusion (including considerations of data erasure and/or archiving).
  • Privacy by default ensures that for any activity, process or product that involves data processing, the default settings are always the most privacy-friendly ones.

7 Principles of privacy by default and design

Proactive not reactive

Privacy by design is proactive rather than reactive.

It anticipates and prevents privacy-invasive events before they happen.

Privacy by design does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to prevent them from occurring.

In short, Privacy by design comes before-the-fact, not after.

Privacy is the default setting

Privacy by design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice.

If an individual does nothing, their privacy still remains intact.

No action is required on the part of the individual to protect their privacy — it is built into the system, by default.

Privacy embedded into design

Privacy by design is embedded into the design and architecture of IT systems and business practices.

It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered.

Privacy is integral to the system, without diminishing functionality.

Positive functionality

Privacy by design seeks to ensure that it is possible to protect privacy while still delivering on the lawful requirements of business, individuals and public bodies to function. 

End-to-end security - full lifecycle protection

Privacy by design maintains data security throughout the entire lifecycle of the data processing involved — strong security measures are essential to privacy, from start to finish.

This ensures that all data are securely retained, and then securely destroyed at the end of the process, in a timely fashion.

Privacy by design ensures cradle-to-grave, secure lifecycle management of information, end-to-end.

Visibility and transparency - keep it open

Privacy by design seeks to assure all stakeholders that, irrespective of the business practice or technology involved, it is in fact operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visible and transparent, to users and providers alike.

Respect for individuals' privacy

Privacy by design requires data controllers and processors to protect the interests of the individual by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options.

Privacy by design focuses first and foremost on the privacy of the individual.


This guidance has been prepared by the HRB to help researchers in the health domain comply with GDPR requirements.

It is intended to be general guidance for educational and informational purposes only.

It is not legal advice.