Data Protection (Jersey) Law 2018 (DPJL) requires you to put in place appropriate technical and organisational measures to implement the data protection principles and safeguard individual rights. This is ‘data protection by design and by default’.
In essence, this means you have to integrate or ‘bake in’ data protection into your processing activities and business practices, from the design stage right through the lifecycle.
This concept is not new. Previously known as ‘privacy by design’, it has have always been part of data protection law. The key change with DPJL is that it is now a legal requirement.
Data protection by design is about considering data protection and privacy issues upfront in everything you do. It can help you ensure that you comply with the DPJL’s fundamental principles and requirements, and forms part of the focus on accountability.