ABSTRACT
The controller must implement appropriate technical and organizational measures for ensuring that, by default, only personal data that are necessary for each specific purpose of the processing are processed. In particular, such measures must ensure that by default, personal data are not made accessible without the individual's intervention to an indefinite number of natural persons. Problem issues are addressed and solutions incorporated into the process design and process cycle so that pre-problem-solving is achieved for personal data. Following on from data protection by design, the General Data Protection Regulation introduces a complimentary concept of data protection by default. Consider the example of Google outdoor mapping and imaging in Streetview in the United Kingdom. Data protection considerations need to be considered and built in from the earliest stage in processes that potentially impact data protection. Data protection by default can assist organizations in reducing adverse data protection incidents.
