Basic information about the regulation

Name of regulation
Processing of the personal data “by default”
The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.
Legislative localisation Chapter IV, Section 1, Article 25, Paragraph 2
Regulation's subject matter Data protection by design and by default (Article 25, Section 1, Chapter IV)
Regulation category Obligation
Regulation subcategory Prescriptive obligation
Actors concerned
Right Data subject
Obligation Controller
Knowww link