Privacy by Design Review

Evaluate a product feature through a privacy-first lens.

What Is Privacy by Design Review?

Privacy by Design is a GDPR requirement under Article 25 that obligates organizations to integrate data protection into the development of products, services, and systems from the earliest stage. It is not optional guidance. Controllers must implement appropriate technical and organizational measures at the time of determining the means for processing.

This exercise puts you in the role of a privacy reviewer evaluating a new product feature before it goes to production. You will examine the feature's data collection scope, identify where it gathers more personal data than necessary, and recommend changes to enforce data minimization. The scenario includes realistic tradeoffs between product functionality and privacy: your engineering team wants behavioral tracking for analytics, your product manager wants user profiling for personalization, and you need to find the line where legitimate business needs end and overreach begins.

You will apply the seven foundational principles of Privacy by Design, originally developed by Ann Cavoukian and now embedded in EU law. The exercise also covers data protection by default, requiring that only personal data necessary for each specific purpose is processed without manual user intervention. Practice building privacy into architecture decisions rather than bolting it on after deployment, which is both more expensive and less effective.

Privacy by Design Review — Training Steps

  1. Introduction

    Under Article 25 of GDPR, data protection must be built into systems from the design phase - not bolted on as an afterthought. This principle is called 'Privacy by Design.'

  2. Feature Review Request

    You receive an email from the Product Manager requesting an urgent privacy review. The 'Customer Insights' feature is scheduled to launch next week, but it hasn't been reviewed for GDPR compliance yet. The email contains a link to the feature specification document.

  3. Accessing the Product Portal

    You need to log into the Product Portal to review the feature specification. This portal contains all pending feature reviews and documentation.

  4. Opening the Feature Spec

    The Feature Reviews queue shows one pending review - the Customer Insights feature. You need to open the specification document to assess its privacy compliance.

  5. Data Collection Issue

    The feature specification reveals the first privacy issue: the feature collects GPS location and full device fingerprints. For a customer feedback feature, this data is excessive. GDPR's data minimization principle requires collecting only what is strictly necessary for the stated purpose.

  6. Retention Problem

    The second issue is even more concerning: the specification states that collected data will be 'stored indefinitely for future analysis.' GDPR requires defined retention periods. Data cannot be kept forever without a lawful basis.

  7. Default Settings Issue

    The third issue is a classic dark pattern: 'Share anonymized data with partners' is pre-checked by default. Under GDPR, privacy-protective settings must be the default. Pre-checked consent boxes do not constitute valid consent - users must take affirmative action to opt in.

  8. Access Control Issue

    The final technical issue: the specification grants access to feedback data to 'All Customer Support teams across all regions.' This is far too broad. Under Privacy by Default, data should not be accessible to an indefinite number of people. Access should be limited to those who genuinely need it.

  9. Additional Technical Issues

    You notice two more concerning items in the technical implementation section:
    1. The analytics ID is directly linked to user accounts - no pseudonymization.
    2. There's no mention of user rights: no data export, no deletion capability.
    These are fundamental GDPR requirements that cannot be retrofitted easily.

  10. Filing the Privacy Review

    You've identified six major privacy issues that must be resolved before launch. Now you need to formally document these findings in a Privacy Impact Assessment form. This official review will be shared with the Product Manager and Engineering team.
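The six findings from steps 5 to 9 can be expressed as mechanical checks over a feature specification, so that a spec fails review before a human ever reads it. The following is an added example, not material from the training exercise; it models the Customer Insights spec as a dictionary, and all field names, setting names and values (the allowed data set, "24 months", the team and region names) are assumptions chosen to mirror the scenario.

```python
# Added example, not part of the training exercise: lint a feature spec (modelled
# as a dict) against the six findings of the Customer Insights review.
# Field names, setting names and spec values are all assumptions.

NEEDED = {"feedback_text", "rating", "submitted_at", "account_id"}  # feedback purpose

def review_spec(spec):
    """Return [(principle, detail), ...]; an empty list means the spec passes."""
    findings = []
    # 1. Data minimization: anything beyond what the stated purpose needs.
    excess = sorted(set(spec["data_collected"]) - NEEDED)
    if excess:
        findings.append(("data_minimization", excess))
    # 2. Storage limitation: retention must be a defined period, not open-ended.
    retention = str(spec.get("retention", "")).strip().lower()
    if retention in {"", "indefinite", "forever"}:
        findings.append(("retention", retention or "unspecified"))
    # 3. Privacy by default: optional sharing is opt-in, never pre-checked.
    for name, on in spec.get("optional_settings", {}).items():
        if on:
            findings.append(("default_settings", name))
    # 4. Access control: wildcard team or region grants are too broad.
    access = spec.get("access", {})
    if "*" in (access.get("teams"), access.get("regions")):
        findings.append(("access_control", access))
    # 5. Pseudonymization: the analytics ID must not be the raw account ID.
    if spec.get("analytics_id_source") == "account_id":
        findings.append(("pseudonymization", "analytics ID linked to account"))
    # 6. Data subject rights: export and deletion must be implemented.
    missing = sorted({"export", "deletion"} - set(spec.get("subject_rights", [])))
    if missing:
        findings.append(("user_rights", missing))
    return findings

# Constructed spec mirroring the flawed feature as submitted for review.
AS_SPECIFIED = {
    "data_collected": sorted(NEEDED) + ["gps_location", "device_fingerprint"],
    "retention": "indefinite",
    "optional_settings": {"share_anonymized_with_partners": True},
    "access": {"teams": "*", "regions": "*"},
    "analytics_id_source": "account_id",
    "subject_rights": [],
}
# The same spec after the review's recommended changes are applied.
REVISED = {**AS_SPECIFIED, "data_collected": sorted(NEEDED), "retention": "24 months",
           "optional_settings": {"share_anonymized_with_partners": False},
           "access": {"teams": "customer_support", "regions": "eu"},
           "analytics_id_source": "per_user_random_token",
           "subject_rights": ["export", "deletion"]}
```

Running `review_spec(AS_SPECIFIED)` yields one finding per issue identified in the exercise, while the revised spec yields none; the same checks can gate a design review in CI so a spec with a pre-checked sharing box or an open-ended retention clause never reaches launch.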