LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Privacy by Design sounds like a good idea. But is it actually a legal requirement? What does the GDPR say?

GDPR Article 25 makes Privacy by Design and Privacy by Default a binding legal obligation, defining five specific elements that organizations must implement.

The five elements of Article 25:

  1. Data minimization. Collect and process only what's strictly necessary for the stated purpose. If you don't need it, don't collect it.
  2. Pseudonymization. Replace identifying information with artificial identifiers. The real identity can only be restored with a separate key that's stored securely.
  3. Transparency. Make data processing activities clear and understandable to data subjects. No hidden data flows.
  4. Monitoring capability. Enable data subjects to oversee how their personal data is being processed. This means dashboards, export tools, and clear documentation.
  5. Security functions. Implement appropriate technical protections proportionate to the risk.

Two important qualifiers: First, implementation must be proportionate to the risk. A local bakery's website doesn't need the same measures as a health insurance platform. Second, certifications can serve as proof of compliance, giving organizations a structured way to demonstrate they meet the requirements.

Go deeper:

From Quiz: PRIVACY / TOM and OSINT | Updated: Jul 05, 2026